Why Read This
This report outlines the assessment framework associated with Forrester's solution for security and risk (S&R) executives. The report is designed to help CISOs as they continue working their way into positions of greater authority and influence in their organizations, occasionally struggling to understand the full scope of their security responsibilities, prioritize the various initiatives, develop a coherent strategy, and articulate their value to the business. In response to these challenges, Forrester developed the Forrester Information Security Maturity Model. This comprehensive framework, which is outlined in this revised paper, allows S&R professionals to identify the gaps in their security program and portfolio, evaluate their maturity, and better manage an overarching security strategy. The model consists of four top-level domains, 25 functions, and 123 components, each with detailed assessment criteria; it provides a consistent and objective method to evaluate security programs and articulate their value.