CISOs often struggle to articulate the full scope of their security responsibilities, develop a coherent strategy, prioritize their various initiatives, and connect their value to the business. In response to these challenges, Forrester developed the Forrester Information Security Maturity Model (FISMM) so that security and risk (S&R) professionals in the align phase can identify the gaps in their security program and portfolio, evaluate their maturity, and better manage a comprehensive security program.