A dynamic capability maturity model for improving cyber security

Cyber attacks continue to proliferate, with increasing sophistication and severity. Businesses and government agencies must establish robust governance, cultures, and data management processes to minimize vulnerability to such threats and ensure effective responses. Capability Maturity Models (CMMs) have been proposed to address this critical need; they enable organizations to benchmark their Cyber Security processes against a framework of recognized best practices. Unfortunately, CMMs are inherently static and diagnostic: they help identify maturity gaps, but are not directly actionable. This paper describes how to extend an existing Cyber Security CMM into a dynamic performance management framework through an intuitive Model-Simulate-Analyze methodology. This software-based framework enables organizations to formulate plans for improving their Cyber Security maturity levels; test and validate or refine those plans prior to roll-out; and monitor execution results to detect emerging problems and make appropriate mid-course adjustments to ensure success.