While IT has progressed in Pakistan over the last ten years, effective cyber security implementation has been treated with denial. This has resulted in enterprise networks and IT systems in Pakistan being erected without the essential cyber security protection mechanisms. Today the cyber security implementation in the country is almost a decade behind, thus making it impossible to catch up or secure Pakistan’s IT networks with business-as-usual efforts, or even with automated half-measures.
There is thus an urgent need to catch up for the lost time, by starting to build the missing security structure in Pakistan’s organizations through a minimum three-year Security Transformation Program. Moreover, unless a Cyber Security Maturity Matrix (CSMM) is adopted, the IT industry will continue to evade the hard work and grass-roots level spade work required to build a strong effective cyber security program.
The Delta Tech Cyber Security Maturity Matrix (CSMM) aims to categorize the levels of an effective cyber security program through a sequential series of six stages. Each stage requires specific and measurable security actions which are auditable and certifiable. Thus an independent Cyber Security Certification Board (CSCB) will be able to conduct practical onsite audits to verify that the organization has achieved the specific and measureable steps required to achieve a particular certification stage: Foundation, Fundamentals, Hardened, Protected, Monitored, and Secured.
If all the steps of the lower stage are not fully achieved, the actions associated with a higher stage are quite meaningless, irrelevant, and counter-productive. The Cyber Security Maturity Matrix (CSMM) thus ensures that the practical basic foundational steps are all fully implemented in a sequential manner before more advanced and more expensive (unnecessary) security actions are deployed. It also does not help to jump several stages of the model to try to implement more glamorous and automated technology solutions when the manual essential (unfortunately laborious) steps belonging to lower stages have not been addressed.