Software Engineering Institute | Carnegie Mellon University

White Paper

Discerning the Intent of Maturity Models from Characterizations of Security Posture

  • January 2012
  • In this paper, Rich Caralli discusses how using maturity models and characterizing security posture are activities with different intents, outcomes, and uses.
  • Cyber Risk and Resilience Management
  • Publisher: Software Engineering Institute
  • Abstract

    Maturity models in their simplest form are intended to provide a benchmark against which a characterization of achievement can be made. Maturity models typically represent a set of attributes, characteristics, patterns, or practices that are arranged in an evolutionary scale that represents measurable transitions from one level to another. In other words, maturity models depict the evolution or scaling of attributes, characteristics, patterns, or practices from some primitive state to a more advanced, or “mature” state.

    The “measurable transitions” in maturity models should be based on empirical data that has been validated in practice; that is, each step in the model should be able to be validated as being more “mature” than the previous step. This is very difficult to do, and is often lacking in maturity model representations.
