HITRUST’s analysis of organizational assessment data over the past 10 years indicates that the more mature an organization’s information protection program, specifically their information security controls which demonstrate proficiency of operation, management, and reporting, the more likely an organization will be to continue to operate those controls in a similar manner in the future. Further, it can also be shown that mature organizations are less likely to suffer a breach and, should a breach occur, are more likely to be able to contain it and minimize the impact. For example, Forrester Consulting has shown organizations that implement a CMM-based maturity model and have the highest level of maturity—even when limited to the area of identity and access management—incur roughly “half the number of breaches as the least mature … [and save] 40% in technology costs and an average of $5 million in breach costs.”*

Feedback

Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment