The most effective way to thwart targeted, sophisticated and persistent cyber threats is to have a mature cyber-defence program. Secur’s Cybersecurity Defense Maturity Evaluation measures an organization’s alignment to the Unified Enterprise Defense strategy across 13 key evaluation domains and sub-components, to quantify an organization’s cybersecurity defensive posture.

Secur’s Cyber Defense Maturity Evaluation is a repeatable benchmark of an organizations cybersecurity maturity. The evaluation integrates evidence-based approaches and frameworks such as ISO, NIST and CMMI into the Secur Unified Enterprise Defense strategy. This strategy drives a comprehensive evaluation for how an organization both protects and defends the enterprise through proper visibility and effective leverage of threat intelligence.

Built on our Unified Enterprise Defense Strategy

The Unified Enterprise Defense structure was developed by Secur to outline and characterize all of the important elements that an organization must develop and integrate cohesively, to have an effective strategy for protecting and defending an enterprise from all cybersecurity threats.

cybersecurity maturity

Cybersecurity maturity using a Unified Enterprise Defense Strategy

When it comes to cybersecurity maturity, organizations often find themselves straddling multiple levels in a cybersecurity maturity model. This model spans four major states; Foundational, Reactive, Proactive and Adaptive. Using these states as a measurement scale Secur’s Cybersecurity Defense Maturity Evaluation evaluates 13 domains with an emphasis on the following cybersecurity functions:

  • Emerging security capabilities – The enterprise has started to build out capabilities for foundational areas of security aligned to risk. Operations take place in a distributed manner, and a standardized model and consistent approach have not been defined and do not focus on network defense functions.
  • Defined security operations – The enterprise has a baseline of repeatable security operations and may have a dedicated team for network defense. Workloads are cyber response activities, preventing effective defensive operations. Threat intelligence may be leveraged in an ad-hoc capacity.
  • Integrated defensive operations – The enterprise has aligned both aspects of securing the enterprise and defending the enterprise into a well-defined industry model. Threat intelligence is integral to daily operations and feeds detective and defensive strategies.
  • Adaptive intelligence operations – The enterprise has established a mature cyber defence program. Operations continue to mature and adapt through automation efficiencies and partnerships as the threat landscape changes. Custom capabilities are established and threat intelligence managed to the degree that historical data trending enables the security organization to stay ahead of adversaries.

The output of the Cybersecurity Defense Maturity Evaluation enables an organization to focus its attention on specific cybersecurity gaps based on comparison to the benchmark itself, peer behaviors and the market in general. We deliver recommendations on how to address the exposed gaps and increase overall maturity.

Through the application of a repeatable and process-driven collection of intelligence, the Cyber Defense Maturity Evaluation provides organizations with an understanding of their existing cybersecurity posture, visibility to and providing a plan for addressing gaps along with a benchmarking capability to continually measure their cybersecurity effectiveness.


  • Operationally focused – our recommendations provide immediate improvements
  • Detailed analysis – moving beyond “checkbox” compliance
  • Measuring effectiveness and benchmarking – both against your peers and the industry at large
  • Repeatable and adaptable methodology – shows the year over year growth
  • The continuous evolution of benchmarks – reflects leading best practices and evolving market experience