How does SecuriThink relate to the Maturity Scale Information Security?
Whether cyber maturity is measured by a 5-level (e.g. Gartner) or 4-level (e.g. NIST) scale, it does not map directly to the 5 levels of results in the SecuriThink methodology. However, there is a lot of common ground at the highest levels of both scales.
The cyber maturity scale and the SecuriThink results scale each describe a different dimension of higher performance by the organization, which makes possible a higher quality outcome for the business. It stands to reason, therefore, that they would complement one another.
We know one CIO who says that above cyber maturity level 3.5 on a 5-point scale, an organization can’t buy their way to higher levels by simply spending more on technology. He believes those higher maturity levels are achieved by building cybersecurity into the culture, a behavioral dimension described by the SecuriThink results scale.
Both the Gartner and the NIST scales describe the top 2 tiers as including, respectively, active and proactive engagement of all employees with cybersecurity. This is the business change described by the two top tiers of the SecuriThink results scale.
More FAQ
Why does a SecuriThink project always begin with an assessment?
Our clients engage us to get from one place to another, so we might think of an example as “We’re in Chicago and we want you to help us get to San Francisco.” What we’ve learned is that someone who says they’re in Chicago might actually be in St. Louis or maybe even Miami.
How does SecuriThink relate to Security Education and Awareness (SEA) efforts?
SEA is a subset of a SecuriThink engagement strategy. We work in cooperation with existing efforts and leverage them to the fullest extent possible.
What is Cultural Armour?
Cultural Armour™ is achieved when cybersecurity is embedded in company culture. It means you walk the talk that “Everyone has a role in cybersecurity.”
How is SecuriThink different from other business transformation resources?
SecuriThink senior practitioners are to business transformation specialists as engineers are to physicists. The distinction is one of theory versus applied theory.
Are SecuriThink practitioners experts in cybersecurity technology?
Starting with our founder’s degree in computer engineering and cybersecurity credentials, technology is at the core of what we do. Cybersecurity is a very broad area; no one person knows it all. We work well with Subject Matter Experts (SMEs) to make sure all your bases are covered.
Why does SecuriThink get more traction than most business transformation efforts?
Our cybersecurity specialty gives SecuriThink a tighter focus than most business transformation efforts. We aim to shift your culture, not turn it inside out. We stay in our lane.
How does SecuriThink approach an assessment?
The SecuriThink methodology draws on a bank of over 200 questions from which a dynamic subset is selected for your project.