The CMMI Institute today announced the CMMI Cybermaturity Platform, a comprehensive enterprise cybersecurity capability and risk assessment platform that provides cybersecurity and senior executives with the evidence and insights to improve cybersecurity resilience.
The cloud-based platform, an ISACA Cyber Solution, was developed through research and testing with hundreds of CISOs, CIOs and CSOs in the last year. The platform features custom risk profiling, assessment, gap analyses, and roadmap functions, and is in use across multiple sectors including financial services, healthcare, and manufacturing.
“We believe focusing on risk-based capabilities is foundational to building resilience,” said Kirk Botula, CMMI Institute CEO. “A security program must be suited to the type of business and tailored to the risks at hand. That includes determining whether the processes and mechanisms that support security goals are mature and resilient enough to withstand the dynamic threat landscape – internally and externally.”
The CMMI Cybermaturity Platform addresses industry concerns and organizational challenges cited in several recent reports, including:
- A 2018 McKinsey report, in which 75 percent of risk management experts considered cybersecurity a top priority and 16 percent said their companies were well-prepared to deal with cyber-risk;
- ISACA’s 2017 Better Tech Governance is Better for Business statistics, which noted that 87 percent of C-suite professionals and board members lack confidence in cybersecurity initiatives, programs that remain the top corporate governance challenge;
- ISACA’s just-released 2018 State of Cybersecurity Part 1, in which nearly 1 in 3 (31 percent) security professionals say their board hasn’t adequately prioritized security.
In creating the new platform category, the CMMI Cybermaturity architecture measures current and desired maturity levels, providing a prioritized roadmap to deliver:
- Evidence-based risk reduction;
- Capability building—across people, process and technology;
- Relevancy, given the changing threat landscape, through biannual updates of risks and capabilities; and
- Increased board and C-suite confidence, driven by pragmatic, insightful, easy-to-understand reports, aligned to business objectives.
As the only cloud-hosted cybersecurity maturity management application, the CMMI Cybermaturity Platform gives businesses real-time knowledge of best cybersecurity practices, so organizations can make evidence-based decisions on how to improve cybersecurity programs. The platform enables business and technology leaders to assess and view all facets of their cybersecurity program and capabilities through a risk lens to better develop a cohesive cyber strategy.
“To alleviate cybersecurity concerns, we must implement more objective, consistent, and actionable reporting to senior executives and board directors about security, and the CMMI Platform does that,” said Matt Loeb, CGEIT, CAE, FASAE, chairman of the CMMI Board of Managers and ISACA CEO. “Together, ISACA and CMMI now offer a comprehensive approach for enterprises to assess risk, develop an improvement roadmap for the organization, and, via the CSX Training Platform, to train professionals to overcome performance gaps.”
The CMMI Cybermaturity Platform’s assessment generates a unique risk profile, prioritizes the gaps in capabilities, identifies the maturity required to achieve organizational goals, and recommends options to address the gaps. The program defines maturity for people, process and technology and will enable industry benchmarking.
With such data in hand, the CMMI Cybermaturity Platform builds board confidence and trust by aligning strategic objectives with pragmatic insights into security risks. Organizations are provided with the means to be in a constant state of building capability, resiliency and appropriate governance. More information on the path to enterprise cyber resiliency can be found in our white paper, “A Risk-Aware Path to Cybersecurity Resilience and Maturity.”
The CMMI Cybermaturity Platform establishes a framework of best cyber practices which aligns with the leading industry standards, such as NIST CSF, COBIT, ISO, Cloud Security Alliance and dozens more. Further information on the assessment approach and organizational roadmaps to cyber resiliency can be found at cmmiinstitute.com/cybermaturity.