II.
Workflow overview
Reference · liveworkflow:security-control-maturity-assessment
Security Control Maturity Assessment overview
Assesses security control maturity against industry frameworks -- mapping implemented controls to NIST CSF, CIS Controls, and ISO 27001 requirement sets, scoring each control domain on a maturity scale from initial through optimized, identifying control gaps where framework requirements lack corresponding implementations, evaluating automation level and evidence-collection maturity for each control, benchmarking maturity scores against industry peers and regulatory expectations, and developing prioritized roadmaps to advance maturity in lagging domains. Produces control maturity heat map, gap analysis, and maturity advancement roadmap. Excludes control implementation and framework selection.
Attributes
displayName
Security Control Maturity Assessment
workflowKind
governance
triggerType
scheduled
typicalCadence
semi-annually
complexity
cross-team
description
Assesses security control maturity against industry frameworks --
mapping implemented controls to NIST CSF, CIS Controls, and ISO
27001 requirement sets, scoring each control domain on a maturity
scale from initial through optimized, identifying control gaps where
framework requirements lack corresponding implementations, evaluating
automation level and evidence-collection maturity for each control,
benchmarking maturity scores against industry peers and regulatory
expectations, and developing prioritized roadmaps to advance maturity
in lagging domains. Produces control maturity heat map, gap analysis,
and maturity advancement roadmap. Excludes control implementation and
framework selection.
Outgoing edges
applies_to_domain2
- domain:cybersecurity-grc·DomainCybersecurity GRC
- domain:security·DomainSecurity
involves_role3
- role:security-risk-analyst·RoleSecurity Risk Analyst
- role:security-reviewer·RoleSecurity Reviewer
- role:principal-engineer·RolePrincipal Engineer
performed_by_org_unit2
- org-unit:security-team·OrgUnitSecurity Team
- org-unit:compliance-team·OrgUnitCompliance Team
requires_skill_area2
- skill-area:incident-response·SkillAreaIncident Response
- skill-area:identity-security·SkillAreaIdentity & Access Security
triggers_responsibility2
- responsibility:security-review·ResponsibilitySecurity review
- responsibility:run-security-scans·ResponsibilityRun security scans
Incoming edges
follows_workflow1
- stack-profile:siem-platform·StackProfileSIEM Platform (Elasticsearch, Python, RabbitMQ, Redis, React, PostgreSQL)