It’s important to understand your security posture, through regular reporting mechanisms, notifications and completion of remediation tasks. But as with many things, Cyber Security is a journey not a destination.

Whilst you should be aware of both negative and positive aspects of your security posture, there is always room to ask further questions. Discuss, debate and even argue as required to move forward with the next step of the journey.

Although not strictly related to Cyber Security, Capability Maturity Model Integration (CMMI) models can be used to develop and improve business processes that can help achieve the business goals of an organisation. Cyber Security is now considered to be a business issue, not just an IT issue.

For those organisations that stand still, or feel that there is no value in continuing to push the envelope will find that it becomes harder to catch-up after an incident. If your organisation can evolve from a reactive level to a proactive and process-driven level you are well on your way to maturing your posture. But without continually asking questions, without taking the time to review, re-evaluate and drive forward your posture will never evolve beyond the current level of maturity.