Security Capability Maturity Assessment

Emirates Group IT security team, was engaged in a project the objective of which was to assess the capability maturity level of cornerstone information security processes and to compare the processes performance with the performance of similar processes implemented in other international & regional carriers. In order to accomplish the project objective, we have designed and followed a customised assessment methodology that included the selection of two international and one regional carrier that led to the formulation of a benchmark sample, the development of an IT security questionnaire based on the merits of ISO/IEC 27002:2005 and CobIT v4.1, the performance of time restrictive clarification interviews with the client, the results analysis and the development of the final report. Amongst the assessment benefits were the determination of a) the security processes actual “performance”, b) the industry’s security processes current maturity status, c) Emirates Group IT security department target for process improvement and d) the selection & recommendation of meaningful and practical security controls.