Security and Privacy Capability Maturity Model (SP-CMM)


I was advising a friend today and got another chance to bring up this graphic. It's a nice graphic to introduce early in the conversation about a company's security and privacy. I really like this one; it contains so much information! I'd be willing to bet that most companies are at maturity level 1. They usually don't have things well defined or even tracked on a regular basis. Almost everything is ad hoc.

Ok, now overlay the risk, shareholder value, and negligence.

Acknowledgement to Secure Controls Framework for the graphic: Security & Privacy Capability Maturity Model (SP-CMM).

