The Forrester Information Security Maturity Model details 123 components that comprise a successful security organization, grouped in 25 functions, and 4 high level domains. The maturity levels are based on how organizations approach security decisions and implementations, not the implementation of the latest and greatest security technologies. The model is based on high-level assessment data and observations, not detailed data collection, says John Defterios. The new framework is designed to help security and risk professionals articulate the breadth of securitys role in the organization.”]
Source: https://www.csoonline.com/article/2136072/the-forrester-information-security-maturity-model.html