I was advising a friend today and got another chance to bring up this graphic. It’s a nice graphic to introduce early in the conversation about a company’s security and privacy. I really like this one; it contains so much information! I’d be willing to bet that most companies are maturity level 1. They usually don’t have things well defined or even tracked on a regular basis. Most everything is ad hoc.
Ok, now overlay the risk, shareholder value, and negligence.

Acknowledgement to Secure Controls Framework for the graphic. Security & Privacy Capability Maturity Model (SP-CMM) (securecontrolsframework.com)