Information Assurance Maturity Model

The Information Assurance Maturity Model (IAMM) has been created by the Cabinet Office and CESG to assist Senior Information Risk Owners (SIRO) in measuring and improving their Information Assurance (IA) maturity.

 

The IAMM brings together the requirements of the Security Policy Framework (SPF) and ISO 27001, and is aligned with the National Information Assurance Strategy. It is being used by the Cabinet Office to set targets and measure progress of information risk management improvements across all UK Central Government Departments. The objectives are to bring all departments to an acceptable level of information assurance maturity, and improve the governance around information risk management across Central Government.

 

The IAMM is also supported by the Information Assurance Assessment Framework (IAAF), which is designed to assist an independent review of progress against the IAMM. Such a review enables organisations to demonstrate ongoing improvements in their IA and Information Risk Management processes as part of their annual reports to Cabinet Office. The IAMM can be used to establish a comprehensive programme of work with clearly identifiable milestones to:

 

  1. Embed an Information Risk Management culture within the organisation
  2. Implement Best Practice IA measures
  3. Plan an effective compliance regime in line with the National IA Strategy

 

How can VEGA support Information Assurance Maturity Model requirements?

Determining the evidence and completing the IAMM is labour intensive. Government departments have the option of auditing themselves or procuring the services of independent assessors to assist in discharging their responsibilities under the IAMM.

 

It is the combination of accurate completion of the IAMM and an expert audit that provides the departmental assurance to the Cabinet Office. Experience has shown that an independent audit can provide a better-quality product which may be used to greater effect, both as a change agenda within the department, and as the evidential element of the Cabinet Office report.

 

VEGA has a comprehensive information security capability to provide independent audit, assessment and advice to Government departments on Information Assurance in accordance with the Cabinet Office requirements. Our highly qualified information assurance consultants, many of whom are CESG Listed Advisor Scheme (CLAS) or ISO 27001 certified, can provide you with a programme of independent assessment or improvement, depending on your IA maturity requirements and goals. This allows you to release valuable internal resources to other tasks whilst our consultants conduct the labour-intensive IAMM process, reviewing and documenting the evidence of your information assurance maturity, and helping you plan your progress to the next levels.

 

Contact VEGA for more information about our information assurance maturity model services

IAUK 2011

VEGA is presenting a workshop at IAUK 2011 about the role a Secure Operations Centre (SOC) can play in helping organisations deliver their security requirements.