Secureworks, a leading provider of intelligence-driven information security solutions, today released the Secureworks Security Maturity Model,
a pragmatic methodology that organizations of all sizes can use to
evaluate their level of cybersecurity maturity relative to inherent
risk.
Secureworks is releasing the model in response to its research, which shows that
more than one-third of US organizations (37%) face security risks that
exceed their overall security maturity. Within that group, 10% face a
significant deficiency when it comes to protecting themselves from the
threats in their environment.
To increase global awareness of the gaps between cybersecurity maturity
and risk, Secureworks is offering a complimentary evaluation that
organizations can take to benchmark their maturity using the Secureworks
methodology. Cybersecurity leaders who complete a simple online tool
with the support of a Secureworks security expert will receive a report
that scores the organization's capabilities and behaviors across five
essential cybersecurity domains. The report also assigns a current
security maturity tier and compares the organization's results to peer
benchmarks. Intuitive charts and graphs throughout the report can be
used to identify a desired future state of maturity, prioritize next
steps in the journey and support more confident discussions about
cybersecurity risk management with the board.
"Business executives tell us they're looking for ways to determine whether their
cybersecurity capabilities and investment are in line with their
business risk profile," says Hadi Hosn, Consulting Practice Leader,
Secureworks. "Our recent study suggests that misalignment between
security activities and actual risk is common enough to warrant a more
pragmatic model that can help organizations both identify those gaps and
adjust their security maturity goals accordingly."
Secureworks' Security Maturity Model is a holistic, risk-driven approach that
incorporates elements of well-known frameworks like National Institute
of Standards and Technology (NIST) and ISO 27001/02 with insight from
Secureworks' global threat intelligence, analysis of more than 1,000
incident response engagements annually and observed best practices
across 4,300 clients. Organizations that evaluate their maturity against
this methodology are scored in the cybersecurity domains of: security
organization and governance, security operations, cloud security,
incident management and threat intelligence.
"Most frameworks come up short in helping you define the right journey to
cybersecurity maturity because they don't account for inherent risk to
begin with," says Hosn. "Instead of relying on checklists, the
Secureworks Security Maturity Model blends the best of industry best
practice frameworks with our proprietary knowledge and experience to
help organizations invest precious resources more wisely."
Key Findings: Secureworks Security Leadership Study, 2018
Secureworks' proprietary security maturity evaluation methodology considers which
security capabilities a company currently has in place as well as
organizational behavior. In Secureworks' 2018 Security Leadership study,
guarded companies, the least mature, were lacking the same processes
that are commonly shared by resilient organizations, the most secure 7
percent of the respondents. The most divergent practices between
resilient and guarded organizations include:
- Aligning and prioritizing vulnerability assessments based on business goals (56% for resilient organizations vs. 2% for guarded, the least mature group)
- Conducting real-time automated security analysis of business partners (36% vs. 2%)
- Employing customized endpoint protection based on user profiles (84% vs. 3%)
- Including both technical and business teams in Incident Response tabletop sessions (92% vs. 45%)
- Working with IR partners under retainer agreements (56% vs. 18%)
- Integrating threat indicators, with enhancements, into security and workflow controls (80% vs. 6%)