Why Read This
CISOs continue to work their way into positions of greater authority and influence in their organizations, but as they do, they occasionally struggle to understand the full scope of their security responsibilities, prioritize their various initiatives, develop a coherent strategy, and articulate their value to the business. In response to these challenges, Forrester developed the Forrester Information Security Maturity Model. This comprehensive framework, which is outlined in this report, enables S&R professionals to identify the gaps in their security program and portfolio, evaluate their maturity, and better manage an overarching security strategy. The model consists of four top-level domains, 25 functions, and 128 components, each with detailed assessment criteria; it provides a consistent and objective method to evaluate any security program and articulate its scope.