Skip to main content
it solutions & consulting services

We achieved SSAE 19 CIS Security Maturity Level 3.17

We achieved SSAE 19 CIS Security Maturity Level 3.17 - and you can, too!

We achieved SSAE 19 CIS Security Maturity Level 3.17
June 22, 2022 |

Whether you’re new to IT or have decades of experience, you most likely know there’s a tremendous need for cyber security. Security risks are everywhere in today’s connected world, impacting individuals and organizations alike. Strengthening security is critical as attacks increase in volume, complexity, and severity. Here, at Endurance-IT, cybersecurity is deeply ingrained in our culture. We are dedicated to preventing, detecting, and responding to cyber threats at every scale. As a result, we’re proud to announce that we have achieved the elite SSAE 19 CIS Security Maturity Level 3.17. At maturity level 3, an organization has achieved all the specific and generic goals of the process areas assigned to maturity levels 2 and 3. At maturity level 3, processes are well characterized and understood and are described in standards, procedures, tools, and methods. This means that we’ve committed to and practice a documented, formal process with an eye toward scale and automation in regards to cybersecurity. In terms of technology, it means we have invested in and built an enterprise security technology architecture with increased focus on incident prevention, detection and response. Additionally, it incorporates elements of identity management and data security to deal with cloud and mobile computing security. “Our business relationships are built on trust. And growth is part of our mission, and SSAE 19 CIS Security Maturity Level 3.17 certification widens the scope of organizations we may support and guarantees that we are up-to-date on the latest and most rigorous methods and tools available to protect valuable client information,'' said our president, Blake White. 

Today, the business world requires that you fend off attacks while you’re evolving - and the cyber security world is constantly evolving. So, what does it mean to achieve security maturity? “Security maturity” refers to an organization’s security position relative to its risk environment and tolerances. The risk scenarios will vary greatly according to the organizational environment, as each organization has its own security risk culture. Thus, the level of maturity of the organization is determined by how efficiently it implements security controls, reporting, and processes. There are five levels of security maturity:

  1. Information security processes are unstructured and policies undocumented. In this scenario, controls are not automated or reported to the business and are often limited to foundational controls, such as scanning.
  2. Information security processes are established and policy is informally defined— but only partially applied. In this case, some automation may exist, but with limited business reporting.
  3. There is more attention to policy documentation, implementation, and automation of controls, with greater levels of reporting.
  4. The organization controls its information security processes with comprehensive policies, widespread implementation, a high degree of automation, and business reporting.
  5. The organization has achieved high security maturity. The policy is comprehensive and formally adopted, full deployment and automation of controls have been achieved, and business reporting occurs across all systems. Information security processes are constantly optimized through monitoring. The organization has a cybersecurity-first culture.

Moving from reactive to proactive is a big challenge for many companies. If you’re just monitoring and blocking, you’re in reactive mode. If you’re proactive and taking a risk-based approach, you’re proactive. Wherever you are in your security maturity journey, keep going - your clients are counting on you! Here’s a list of five actions that you can take today toward greater security maturity:

  1. Create a culture of continuous improvement
  2. Prioritize security in a security-first approach
  3. Automate security controls
  4. Adopt a cybersecurity model
  5. Make cybersecurity a board issue - not just an IT issue

If you have a question about security maturity, reach out. We’d love to speak with you.

Additional Photos

We'll take care of every detail.

Even if you don't know exactly what you need, our experts make it easy to talk about your project and work out the requirements. We'll quickly help frame it up and add some structure so it can be properly estimated and ultimately developed and delivered.