An organization with no formal policies or processes relating to security risk management will find it difficult to put all aspects of the process into practice. The solution is to take the time to assess your organization’s maturity level. Experts say maturity has to do with building the capacity to make processes repeatable. The Information Security Program Maturity Grid lays out five the stages of security maturity, which are uncertainty, awakening, enlightenment, wisdom, and benevolence, says Timothy R. Stacey, author of the National Institute of Standards and Technology seminar.”]
Source: https://www.cuinfosecurity.com/ready-for-risk-management-a-613