An organization's security maturity lies in how securely it actually runs, not in what it says it does about security. SOMA (Security Operations Maturity Architecture) therefore offers a new approach to defining security operations and security in management processes through operational security testing and analysis. SOMA provides a framework that allows an organization to measure its actual security maturity and use that measurement to improve security infrastructure, change policy, adjust the security budget, or even define new strategy. Being able to show your current security maturity by how you run your operations is beneficial for partnerships, customers, shareholders, and compliance legislation. It is even better if you can do this through existing security maintenance.
SOMA is both logical and comprehensive for organizations already using standards such as COBIT, ITIL, CMMI, ISO17799, ISO27001, OCTAVE, and the OSSTMM. It is structured into maturity levels based on operational security metrics so that organizations can choose an appropriate level for their business and move in stages towards it.
For those who are looking for a security maturity model, need a certifiable security management process, or require a comprehensible method for structuring security processes, the SOMA project will provide the answer.