A Better Deployment Maturity Model
Now that the GRC industry is more mature and there's a bit of 20/20 hindsight, it's time to adjust the deployment maturity model to avoid these known pitfalls. The following model, derived from user feedback, is ideal. It's simpler and lowers project risk. For easy reference, the traditional model just explained will be referred to as the "horizontal maturity model" and the new model about to be explained will be referred to as the "vertical maturity model."
The vertical maturity model starts with a narrowly defined use case and deploys an end-to-end automated solution for that use case in Phase 1. In other words, all three phases of the horizontal maturity model are tackled at once, but within a smaller scope. Three common approaches to picking a narrow use case are:
Approach No. 1: A single compliance requirement such as the Payment Card Industry Data Security Standard (PCI DSS) or Health Insurance Portability and Accountability Act (HIPAA)
Approach No. 2: A single process such as incident management or vulnerability management
Approach No. 3: A single stack of technologies that make up a critical system
For the selected use case, a fully automated, closed-loop solution with accompanying processes should be designed. The use case should include a combination of process automation and control automation. Once Phase 1 is successful, the same approach can be replicated for additional use cases. The use cases ought to be narrowly defined, and each use case must achieve "end state" automation within a single phase.