CMMI Institute

Solutions

Solutions

ISACA enables organizations to elevate and benchmark performance across a range of critical business capabilities, including product development, service excellence, supplier management, and cybersecurity.

What is CMMI?

View the CMMI Model

Value of CMMI

Cybermaturity Platform

    AI Working Group

    Medical Device Discovery Appraisal Program (MDDAP)

    CMMI Acquisition Handbook

    Learning

    Learning

    CMMI® training courses provide guidance for efficient, effective improvement across multiple process disciplines in an organization. Whether you are just getting started with CMMI or have decades of experience, our training courses will move you along your career path.

    Training

    Certifications

    Registered Professionals

    Appraisals

    Published Appraisal Results

    Partners

    Partners

    Our Partners are selected, trained, and licensed by ISACA to deliver authentic services. When you receive CMMI-related services from a Partner, you can be sure that the quality of those services is comparable to the quality you would get from the institute itself.

    Partners

    Quality

    Resources

    Resources

    The CMMI Resource Center is a collection of every digital resource in one place. Browse through our collection of presentations, webinars, articles, case studies, and whitepapers to answer all your CMMI questions.

    Browse All Resources

    Topics

    Types

    News

    News

    Read the latest news, press releases and industry perspectives from CMMI.

    What's New in CMMI?

    Who Uses CMMI?

    Blog

    CMMI in the News

    Press Releases

    Newsroom

    The latest information for media, analysts, and others interested in the CMMI® Institute and process improvement.

    9 in 10 Enterprises Report Gaps Between the Cybersecurity Culture They Have and the One They Want

    With cybersecurity threats continuing to escalate worldwide, the ISACA/CMMI Institute Cybersecurity Culture Report found that just 5 percent of employees think their organization’s cybersecurity culture is as advanced as it needs to be to protect their business from internal and external threats. More than 4,800 business and technology professionals shared their insights in the global research study, conducted via online polling in June 2018. Results were released today at ISACA’s CSX North America cybersecurity conference in Las Vegas.

    Cybersecurity culture is a workplace culture in which security awareness and behaviors are seamlessly integrated into everyone’s daily operations, as well as a strategic executive leadership priority. In a threat-ripe environment, an effective cybersecurity culture can help employees understand their roles and responsibilities in keeping their organizations safe and customer data secure. However, just 34 percent of respondents say they understand their role in their organizations’ cyber culture.

    Companies must take an all-hands-on-deck approach to counter cyberattack threats, the report summarizes.

    “Enlisting the entire workforce to mitigate an enterprise’s cyber risk is an emerging practice,” says Doug Grindstaff II, SVP of Cybersecurity Solutions at CMMI Institute. “We are hearing a lot of feedback about how organizations can move the needle on employee involvement. It’s challenging, but organizations are rightly concerned by the growing sophistication of cyberattacks.”

    Widespread employee involvement correlates strongly with the minority of organizations that have achieved strong satisfaction with their cybersecurity culture. Nine in ten employees (92 percent) at these organizations say that their C-level executives share an excellent understanding of the underlying issues, which may be why they loop-in their employees so well; 84 percent of employees at these organizations say they understand their role in cybersecurity.

    Other critical findings include:

    • Many organizations lack the first—and all-important—step toward a cybersecurity culture: 42 percent of organizations do not have an outlined cybersecurity culture management plan or policy.
    • Aligning the entire workforce with the organization’s cybersecurity policies requires significant capital: Organizations that report a significant gap between their current and desired cybersecurity culture are spending just 19 percent of their annual cybersecurity budget on training and tools; organizations that believe their cybersecurity culture is where it is supposed to be are spending more than twice as much (43 percent).

    “A key motivator for organizations delaying investing in their cybersecurity cultures is a lack of awareness about the attempted threats and ongoing risks, as well as a lack of awareness about the assets at risk to cybersecurity threats,” said Rob Clyde, CISM, NACD Board Leadership Fellow and ISACA Board Chair. “However, individuals tend to underestimate the potential damage and overestimate technology’s ability to limit such incidents. Doing so puts their organizations at serious risk.”

    To download the complimentary survey report, click here.

    About ISACA

    Nearing its 50th year, ISACA (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its 450,000 engaged professionals in information and cybersecurity, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including 217 chapters worldwide and offices in both the United States and China.

    Twitter: https://twitter.com/ISACANews
    LinkedIn: https://www.linkedin.com/company/isaca 

    About CMMI Institute

    A subsidiary of ISACA Enterprises, CMMI Institute (cmmiinstitute.com) is the global leader in the advancement of best practices in people, process and technology. The Institute provides the tools and support for organizations to benchmark their capabilities and maturity by comparing their operations to best practices and identifying performance gaps. For over 25 years, thousands of high-performing organizations in a variety of industries, including aerospace, finance, healthcare, software, defense, transportation, and telecommunications, have improved their performance and earned a CMMI maturity level rating, and proved they are capable business partners and suppliers.

    Twitter: https://twitter.com/CMMI_Institute
    LinkedIn: https://www.linkedin.com/company/cmmi-institute/