Moving Forward

Once an organization has scored themselves with this model, they can identify key gaps to fill. CTID recommends starting with low complexity high impact levels. When choosing which dimensions to focus on, CTID recommends that organizations work on improving their CTI and Defensive Measures scores as a priority. Testing and evaluating those components is valuable, but a solid CTI and Defenseive measures program must exist to test and evaluate.

For more information about other projects that can improve your threat informed defense programs, visit the CTID’s Projects page.

CTID Projects Page

The INFORM maturity model is meant to be a straightforward, easy-to use tool for organizations to measure their current state, assess progress, and continuously refine and optimize their security posture by prioritizing based on threat-informed principles. CTID continues to provide a number of resources that reinforce or enable continuous improvement in all three of the threat informed defense dimensions. By leveraging INFORM to understand their current maturity level and identifying areas for improvement, organizations can make targeted investments and strategic decisions to strengthen their defenses against the ever-evolving threat landscape. In the long run, this maturity model will help organizations optimize their resources, enhance their cybersecurity capabilities, and better protect their digital assets and infrastructure from potential attacks.