A Security Maturity Model (SMM) provides an organisation with a distinct Information Security framework. Organisations that conform to these models are likely to pursue satisfactory Information Security. Additionally, the use of Security Maturity Models promotes the use of best practice standards that generally lead to proper Information Security Governance. Based on these two assertions, the hypothesis of this article is that the best practice driven Information Security Governance model is analogous to a Security Maturity Model. Accordingly, organisations can implement the best practice model as a sole tool to ensure Information Security Maturity. This article proves the hypothesis by extracting characteristics from various industry Security Maturity Models and developing a generic Security Maturity Model. The best practice driven model then maps onto the generic Security Maturity Model to prove the analogy. The premise of this study is that the best practice driven Information Security Governance model conforms to all the requirements of the generic Security Maturity Model. The conclusion is that the proper implementation of this model leads to a high Information Security Maturity level.
Reference:
Lessing, MM. 2008. Best practices show the way to information security maturity. 6th National Conference on Process Establishment, Assessment and Improvement in Information Technology (ImproveIT 2008), Johannesburg, South Africa, 17-19 September, pp 1-9. http://hdl.handle.net/10204/3156