Operational Maturity

Maturity Review Process (MRP)

The process of evaluating the maturity:

  • Collect - Collect information about your processes,people and tools. Identify changes to any. The goal is to gain a holistic understanding of the organization's security teams, tools and processes. Based on that information various posture improvements can be identified.
  • Analize - Based on the data that you have collected and find the corresponding maturity level. Finding where in the maturity level the organization is important for understanding the impact and importance of each identified security improvement initiative and thus prioritize accordingly.
  • Prioritize - Prioritize and decide which is the next low hanging fruit that can be improved. Not all security issues are equally important, prioritization should focus on those initiatives that influence and change the security posture and introduce the most maturity.
  • Improve - Create an initiative or a project for improving the identified gap.

Security Improvement Initiative

Security improvement initiatives are likely outcomes of the MRP process. The goal of the security improvement initiative is to address identified visibility gaps in the organization's security posture. For example, during the review process or detection engineering we may identify that our application is not providing sufficient logging in order to detect particular behavior or ttp of interest. That is a good candidate for a security improvement initiative. The goal of the initiative would be to deliver the visibility needed and notify back the Detection Engineer so that they can proceed with the detection creation. Depending on the size of the organization and internal processes, this process might be driven by the Detection Engineer or completely separate team.

DEMM Cadence

Evaluating the maturity of the organization and striving to improve it is no one time effort or activity. For that best results can be achieved by:

  • Set a regular schedule for reevaluating and revisiting the DEMM.
  • Ensure that the security improvement initiatives are targeted with a timeline and aligned with the overall organizational security strategy.