search menu icon-carat-right cmu-wordmark

Why Use Maturity Models to Improve Cybersecurity: Key Concepts, Principles, and Definitions

In this podcast, Rich Caralli explains how maturity models provide measurable value in improving an organization's cybersecurity capabilities.

Software Engineering Institute



In recent years, rapid evolutions have occurred in technology and its application in most market sectors, leading to the introduction of many new systems, business processes, markets, and enterprise integration approaches. How do you manage the interactions of systems and processes that are continually evolving? Just as important, how can you tell if you are doing a good job of managing these changes, as well as monitoring your progress on an ongoing basis? And how do poor processes impact interoperability, safety, reliability, efficiency, and effectiveness? Maturity models can help you answer these questions by providing a benchmark to use when assessing how a set of security practices has evolved. [1]

In this podcast, Rich Caralli, the technical director of CERT's Cyber Enterprise and Workforce Management Directorate, discusses maturity models and how they are being used to improve cybersecurity. He describes their key concepts, definitions, and principles and how these can and have been applied to a wide range of disciplines and market sectors.

Related Courses
Introduction to the CERT Resilience Management Model

About the Speaker

Richard A. Caralli

Richard Caralli is an SEI alumni employee.

Richard Caralli is the Technical Director of the Cyber Enterprise and Workforce Management Directorate in the CERT® Program at Carnegie Mellon University's Software Engineering Institute. He is responsible for managing a research portfolio focused on improving the security and resilience of organizational assets, …

Read more
Headshot of Julia Allen.

Julia H. Allen

Julia Allen is an SEI alumni employee.

Julia Allen is a principal researcher within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Allen’s areas of interest include operational resilience, security governance, and measurement and analysis. Prior to this technical assignment, …

Read more