Why Use Maturity Models to Improve Cybersecurity: Key Concepts, Principles, and Definitions
August 2013 • Podcast
In this podcast, Rich Caralli explains how maturity models provide measurable value in improving an organization's cybersecurity capabilities.
In recent years, rapid evolutions have occurred in technology and its application in most market sectors, leading to the introduction of many new systems, business processes, markets, and enterprise integration approaches. How do you manage the interactions of systems and processes that are continually evolving? Just as important, how can you tell if you are doing a good job of managing these changes, as well as monitoring your progress on an ongoing basis? And how do poor processes impact interoperability, safety, reliability, efficiency, and effectiveness? Maturity models can help you answer these questions by providing a benchmark to use when assessing how a set of security practices has evolved. 
In this podcast, Rich Caralli, the technical director of CERT's Cyber Enterprise and Workforce Management Directorate, discusses maturity models and how they are being used to improve cybersecurity. He describes their key concepts, definitions, and principles and how these can and have been applied to a wide range of disciplines and market sectors.
Introduction to the CERT Resilience Management Model