Cyber Security Incident Response Maturity Assessment

CREST has developed a maturity model to enable assessment of the status of an organisation’s cyber security incident response capability.  The model has been supplemented by a spreadsheet-based maturity assessment tool which helps to measure the maturity of a cyber security incident response capability on a scale of 1 (least effective) to 5 (most effective).  The tool is powerful yet easy to use and consists of two different spreadsheets, enabling assessments to be made at either a summary or detailed level.

The assessment tool has been developed in conjunction with representatives from a broad range of organisations, including industry bodies, consumer organisations, the UK government and suppliers of expert technical security services.  It delivers an assessment against a maturity model that is based on the 15 steps within the 3 phase Cyber Security Incident response process outlined below.

A detailed overview of the maturity assessment tool can be downloaded here

The tool itself can be downloaded here:

• CSIR Maturing Assessment Tool (High level)
• CSIR Maturity Assessment Tool (Detailed)

A part-completed example of the Cyber security incident response maturity assessment tool, for easy demonstration and understanding, can be viewed here.