For professionals charged with information security, security maturity models have long been invaluable tools. For example, Gartner published “ITScore for Information Security”1 as a diagnostic tool to help chief information security officers (CISOs) assess the security of their enterprises and take their security to the next level. (See Appendix.) Based on the reasonable premise that lower security maturity represents higher risk, the Gartner framework measures security across 10 dimensions.
However, while the model is great for evaluating an enterprise, it is too broad for use as a focused tool at the endpoint. In this paper, SANS introduces a security maturity model specifically for endpoints and reveals how to assess the current state of endpoint security. It also suggests where and how to establish enterprise endpoints as part of the security curve, and offers guidance on how to progress up the curve with integrated endpoint policy, awareness and protection to move your organization to a proactive approach to security
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program