CREST has developed a maturity model to enable assessment of the status of an organisation’s cyber security incident response capability. The model has been supplemented by a spreadsheet-based maturity assessment tool which helps to measure the maturity of a cyber security incident response capability on a scale of 1 (least effective) to 5 (most effective). The tool is powerful yet easy to use and consists of two different spreadsheets, enabling assessments to be made at either a summary or detailed level.
The assessment tool has been developed in conjunction with representatives from a broad range of organisations, including industry bodies, consumer organisations, the UK government and suppliers of expert technical security services. It delivers an assessment against a maturity model that is based on the 15 steps within the 3 phase Cyber Security Incident response process outlined below.
A detailed overview of the maturity assessment tool can be downloaded here
The tool itself can be downloaded here:
A part-completed example of the Cyber security incident response maturity assessment tool, for easy demonstration and understanding, can be viewed here.