 |
Leading an effective security program is certainly not for the faint of heart. Modern CISOs face unprecedented growth and diversity in both the IT environment they are charged with protecting and the risk and threat landscape they are defending against. While each organization has its own unique attack surface, operating model, and risk tolerance, most security leaders share a common objective—to enable operational continuity while minimizing friction, disruption, and financial risk. Strategies used to achieve these objectives can vary dramatically across different organizations, regardless of size, objectives, and structure, often driven by experiences, relationships, and overall security program maturity. As security leaders craft strategies comprised of people, processes/policy, and technology, they face an ongoing resource and skills shortage, motivating many to leverage outside service providers to implement, supplement, or augment parts of their operation. The emergence of modern security service providers is supplying security leaders with new opportunities to accelerate program development velocity. This paper will introduce a security maturity hierarchy and outline commonly used program strategies that are associated with individual levels of maturity. |
