ATM cybersecurity maturity model

Level 1

A cybersecurity maturity model describes a range of capabilities that you would expect to see in an organisation with an effective approach to cybersecurity. Each capability will have a description of the kinds of activities and processes you would expect to see, at different levels of maturity. An organisation assessing its overall cybersecurity maturity compares its own practices against those described in the levels of each capability, backing up the assessment with some evidence to justify the result.

Maturity models are a highly simplified (but still useful) view of reality. They are not the same as a detailed audit, gap analysis and/or review, which still serve crucial purposes in cybersecurity.

This model is for Chief Information Security Officer (CISO) and/or cybersecurity managers (and similar roles) to use.

Given the simplicity of the results, and focus on the most critical elements, the audience of the maturity is most likely to be top management.


ATM cybersecurity maturity model – Level 1 - Ed 1.0 - October 2017