Usher: A Maturity Model for Enterprise Security

Technical Guide

Today, organizations are facing a challenging and constantly evolving landscape of security threats. Yet many organizations are still reluctant to commit sufficient resources to security, failing to recognize that now, more than ever, security is a critical business competency. To meet today’s security challenges, organizations must begin to think about security in a business context.

But how do organizations go about this process, and what does it actually look like in practice? This paper presents a framework for thinking about security maturity and profiles the four stages that organizations advance through as they deepen their security capabilities. The goal of this paper is to help organizations assess their level of security maturity in a larger context in order to inform business decisions.