LASCON 2018

We are continuously improving our security programs and controls – to protect against new threats, keep up with evolving compliance requirements, or to just get better at what we are doing. But how can we quantify the impact of these efforts on the overall maturity of our organization's security posture?
The ability to express maturity in a consistent fashion helps to communicate the value of our initiatives to executives and provide an objective way to visualize gaps and identify priorities on the path to a robust security program.
In this talk, we will discuss the challenges and importance of measuring the maturity of a security program, available solutions, and then dive into how our team combined NIST's Cybersecurity Framework with a defined way of expressing maturity to solve this problem.
Attendees will leave with ideas on how to assess and measure the maturity of a security program, using methods beyond check-the-box compliance frameworks.