Security Control Maturity Assessment

workflow:security-control-maturity-assessment

Workflowworkflows/workflows/workflows-cyber-risk.yaml·Open in Graph →

overview json graph

Attributes

displayName

Security Control Maturity Assessment

workflowKind

governance

triggerType

scheduled

typicalCadence

semi-annually

complexity

cross-team

description

Assesses security control maturity against industry frameworks -- mapping implemented controls to NIST CSF, CIS Controls, and ISO 27001 requirement sets, scoring each control domain on a maturity scale from initial through optimized, identifying control gaps where framework requirements lack corresponding implementations, evaluating automation level and evidence-collection maturity for each control, benchmarking maturity scores against industry peers and regulatory expectations, and developing prioritized roadmaps to advance maturity in lagging domains. Produces control maturity heat map, gap analysis, and maturity advancement roadmap. Excludes control implementation and framework selection.

Outgoing edges (11)

applies_to_domain2

domain:cybersecurity-grc·DomainCybersecurity GRC
domain:security·DomainSecurity

involves_role3

role:security-risk-analyst·RoleSecurity Risk Analyst
role:security-reviewer·RoleSecurity Reviewer
role:principal-engineer·RolePrincipal Engineer

performed_by_org_unit2

org-unit:security-team·OrgUnitSecurity Team
org-unit:compliance-team·OrgUnitCompliance Team

requires_skill_area2

skill-area:incident-response·SkillAreaIncident Response
skill-area:identity-security·SkillAreaIdentity & Access Security

triggers_responsibility2

responsibility:security-review·ResponsibilitySecurity review
responsibility:run-security-scans·ResponsibilityRun security scans

Incoming edges (0)

None.