| 摘要 |
In general, the invention relates to a method for assessing an information security policy and practice of an organization. The method includes collecting information about the information security policy and practice of the organization, generating a rating for each of a plurality of information security items using a security maturity assessment matrix and the collected information, and generating a graphical assessment of the ratings. The security maturity assessment matrix includes a first dimension and a second dimension, where the first dimension corresponds to the information security items and the second dimension corresponds to maturity levels. Further, each rating is derived using the first dimension and the second dimension.
|
