ISMS maturity is not a measurement of how good the protection of information technology is. It is a measurement of how good we are at improving that protection, adapting to changes in the threat landscape and in the internal information technology environment, and learning from incidents. Each cycle we describe will have an input, an output, and a procedure. There are 10 cycles in the maturity journey:
Discovery Cycle
Prioritization Cycle
Verification Cycle
Remediation Cycle
Service Desk Cycle
Knowledge Management Cycle
Compliance Management Cycle
Activity Management Cycle
Quality Management Cycle
Resources Management Cycle
The first step on the maturity ladder is having a good understanding of what we are protecting. This step is formally described in this article: