Security Architecture Maturity Assessment

Baselining Enterprise Security Architecture Capabilities

DLC’s Enterprise Security Architecture Maturity Assessment (ESA MA) is based on the SABSA ESA Framework and Methodology. The ESA MA is used to baseline a client’s current ESA maturity by developing a clear understanding of the current state of the organization’s enterprise cybersecurity program, the underlying architectural elements driving it, the architecture’s capability to enable and add value to the enterprise, the maturity of security architectural thinking, and the degree to which security architectural practices are integrated into the organization. The Security Architecture Maturity Assessment evaluates and scores security processes and the artifacts produced using a six-level scale, from non-existent to optimized. The scored elements are then organized and correlated, using the SABSA ESA Framework, and analysed to identify gaps between as-is and desired maturity, and to define an ESA Roadmap that is used to plan and guide transformation of the ESA capability by closing identified gaps to planned levels of maturity.


DLC’s ESA MA delivers value by

  • Determining current ESA capabilities
  • Assessing how ESA and the security programme fit within the organisation, including their roles and reputation
  • Articulating the current value proposition of the ESA
  • Identifying priorities for realizing benefits
  • Identifying where and how to begin the ESA transformation effort


The ESA MA involves a comprehensive review of current cybersecurity programme elements to develop a holistic understanding of the enterprise, current ESA capabilities. and how current ESA capabilities contribute value to the organization. Documentation review is supplemented with interviews and facilitated workshops, as required, to deepen understanding and begin building consensus for the ESA program. 

Security programme elements reviewed include documentation relating to the organisation’s enterprise strategy, goals and objectives; organisation charts; inflight programs and initiatives; current information security program, including policies and procedures; in-flight security programme initiatives; risk assessments, and other relevant documentation required to develop a holistic understanding of the enterprise, current ESA capabilities, and how current ESA capabilities contribute value to the organisation.


The ESA MA delivers a comprehensive assessment of the organisations current ESA capabilities, establishing a foundation for developing an ESA MA Gap Assessment and ESA Roadmap for delivering a business-driven uplift of ESA capabilities to targeted levels that will demonstrably enable the enterprise to fully align security with enterprise goals and objectives, understand ESA’s value to the enterprise, and articulate the ESA value proposition to stakeholders inside and outside the organization.

An ESA Maturity Assessment lays the foundation for developing an effective Security Strategy.