While IT has progressed in Pakistan over the last ten years, effective cyber security implementation has been treated with denial. This has resulted in enterprise networks and IT systems in Pakistan being erected without the essential cyber security protection mechanisms. Today the cyber security implementation in the country is almost a decade behind, thus making it impossible to catch up or secure Pakistan’s IT networks with business-as-usual efforts, or even with automated half-measures.

There is thus an urgent need to catch up for the lost time, by starting to build the missing security structure in Pakistan’s organizations through a minimum three-year Security Transformation Program. Moreover, unless a Cyber Security Maturity Matrix (CSMM) is adopted, the IT industry will continue to evade the hard work and grass-roots level spade work required to build a strong effective cyber security program.

The Delta Tech Cyber Security Maturity Matrix (CSMM) aims to categorize the levels of an effective cyber security program through a sequential series of six stages. Each stage requires specific and measurable security actions which are auditable and certifiable. Thus an independent Cyber Security Certification Board (CSCB) will be able to conduct practical onsite audits to verify that the organization has achieved the specific and measureable steps required to achieve a particular certification stage: Foundation, Fundamentals, Hardened, Protected, Monitored, and Secured.

If all the steps of the lower stage are not fully achieved, the actions associated with a higher stage are quite meaningless, irrelevant, and counter-productive. The Cyber Security Maturity Matrix (CSMM) thus ensures that the practical basic foundational steps are all fully implemented in a sequential manner before more advanced and more expensive (unnecessary) security actions are deployed. It also does not help to jump several stages of the model to try to implement more glamorous and automated technology solutions when the manual essential (unfortunately laborious) steps belonging to lower stages have not been addressed.

Overall, the Cyber Security Maturity Matrix (CSMM) aims to bring practicality and sanity to Pakistan’s organizations by making their cyber security posture and rating measurable, certifiable, transparent, and openly accessible. The relevant stakeholders can then make informed decisions on how to regulate the industry, and manage the risk associated with existing services and launch of new potential services.

The basic premise of the Cyber Security Maturity Matrix (CSMM) is that you can’t improve what you can’t measure, and that effective security has to follow an ordered, proactive, structured program, rather than a haphazard, reactive undertaking. The Delta Tech Cyber Security Maturity Matrix (CSMM) shown in the diagram should be adopted by Pakistan’s government, regulators, organizations, and armed forces organizations as an effective, sequential, certifiable model to standardize security implementation by publishing certification results for relevant stakeholders and within the relevant industry circles.

Nahil Mahmood is a national cyber security expert with 21 years of experience in IT. He heads Pakistan’s leading cyber security solutions provider firm: Delta Tech, as CEO. He can be reached at: nahil@deltatechglobal.net.