Intuitively, one would be inclined to think that improving organizational security capabilities would increase overall organizational security maturity. As maturity increases, better controls/risk mitigations would be designed and implemented, leading to lower residual risk levels. This would suggest a negative correlation between maturity and risk.

Assume there is a maturity scale of 1 to 5 and a risk scale of 0 to 100.

Does anybody know how risk and maturity would relate and/or how much correlation would be reasonable to expect?
