Getting to Good Enough; Use the Cybersecurity Maturity Model to Plot a Course to Optimal Protection
Good enough. It’s the plain-speaking way to say “optimal”. It means just right, a kind of balanced state. And in business, things are optimal when you are paying for precisely what you need—not more and not less. This simple concept has always been difficult to apply to cybersecurity in part because cybersecurity is a moving target always striving to keep up with a cybercrime force that changes every day.
The unsurprising fact is that no organization will ever achieve complete cybersecurity. The enemy will never rest so there can be no end-state of perfect protection. And the pursuit of any such end-state is a fool’s errand pursued at considerable expense.
But what if there was a way to acknowledge the always-changing nature of cybercrime, understand what kind and how much cybersecurity makes sense, and move toward a balanced posture?