Focus on Risk-based Cyber Capabilities—People, Process and Technologies—Delivers Enterprise Readiness and Resilience
SAN FRANCISCO, Calif. - Tuesday, April 17th 2018 [ AETOS Wire ]
(BUSINESS WIRE)-- The CMMI Institute today announces the CMMI Cybermaturity Platform, a comprehensive enterprise cybersecurity capability and risk assessment platform that provides cybersecurity and senior executives with the evidence and insights to improve cybersecurity resilience.
The cloud-based platform, an ISACA Cyber Solution, was developed through research and testing with hundreds of CISOs, CIOs, and CSOs in the last year. The platform features custom risk profiling, assessment, gap analyses, and roadmap functions, and is in use across multiple sectors including financial services, healthcare, and manufacturing.
“We believe focusing on risk-based capabilities is foundational to building resilience,” said Kirk Botula, CMMI Institute CEO. “A security program must be suited to the type of business and tailored to the risks at hand. That includes determining whether the processes and mechanisms that support security goals are mature and resilient enough to withstand the dynamic threat landscape – internally and externally.”
The CMMI Cybermaturity Platform addresses industry concerns and organizational challenges cited in several recent reports, including:
A 2018 McKinsey report, where 75 percent of the risk management experts consider cybersecurity to be a top priority; 16 percent said their companies were well-prepared to deal with cyber-risk;
ISACA’s 2017 Better Tech Governance is Better for Business statistics, which noted that 87 percent of C-suite professionals and board members lack confidence in cybersecurity initiatives—programs that remain the top corporate governance challenge;
ISACA’s just-released 2018 State of Cybersecurity Part 1, in which nearly 1 in 3 (31 percent) security professionals say their board hasn’t adequately prioritized security.
In creating the new platform category, the CMMI Cybermaturity architecture measures current and desired maturity levels, providing a prioritized roadmap to deliver:
Evidence-based risk reduction;
Capability building—across people, process and technology;
Relevancy, given the changing threat landscape, through biannual updates of risks and capabilities; and
Increased board and C-suite confidence, driven by pragmatic, insightful, easy-to-understand reports, aligned to business objectives.
As the only cloud-hosted cybersecurity maturity management application, the CMMI Cybermaturity Platform gives businesses real-time knowledge of best cybersecurity practices, so organizations can make evidence-based decisions on how to improve cybersecurity programs. The platform enables business and technology leaders to assess and view all facets of their cybersecurity program and capabilities through a risk lens to better develop a cohesive cyber strategy.
“To alleviate cybersecurity concerns, we must implement more objective, consistent, and actionable reporting to senior executives and board directors about security, and the CMMI Platform does that,” said Matt Loeb, CGEIT, CAE, FASAE, chairman of the CMMI Board of Managers and ISACA CEO. “Together, ISACA and CMMI now offer a comprehensive approach for enterprises to assess risk, develop an improvement roadmap for the organization, and, via the CSX Training Platform, to train professionals to overcome performance gaps.”
The CMMI Cybermaturity Platform’s assessment generates a unique risk profile, prioritizes the gaps in capabilities, identifies the maturity required to achieve organizational goals, and recommends options to address the gaps. The program defines maturity for people, process and technology and will enable industry benchmarking.
With such data in hand, the CMMI Cybermaturity Platform builds board confidence and trust by aligning strategic objectives with pragmatic insights of security risks. Organizations are provided with the means to be in a constant state of building capability, resiliency and appropriate governance. More information on the path to enterprise cyber resiliency can be found in our white paper, “A Risk-Aware Path to Cybersecurity Resilience and Maturity.”
The CMMI Cybermaturity Platform establishes a framework of best cyber practices which aligns with the leading industry standards, such as NIST CSF, COBIT, ISO, Cloud Security Alliance and dozens more. Further information on the assessment approach and organizational roadmaps to cyber resiliency can be found at cmmiinstitute.com/cybermaturity.
About CMMI® Institute
A subsidiary of ISACA Enterprises, CMMI Institute (cmmiinstitute.com) is the global leader in the advancement of best practices in people, process, and technology. The Institute provides the tools and support for organizations to benchmark their capabilities and build maturity by comparing their operations to best practices and identifying performance gaps. For over 25 years, thousands of high-performing organizations in a variety of industries, including aerospace, finance, healthcare, software, defense, transportation, and telecommunications, have improved their performance and earned a CMMI maturity level rating and proved they are capable business partners and suppliers.
Nearing its 50th year, ISACA® (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its 450,000 engaged professionals in information and cybersecurity, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI® Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including more than 215 chapters worldwide and offices in both the United States and China.