Certified Information Systems Auditor (CISA) — Question 297

Which of the following is the BEST use of a maturity model in a small organization?

Answer options

• A. To assess the current maturity level and the level of compliance with key controls
• B. To identify required actions to close the gap between current and desired maturity levels
• C. To benchmark against peer organizations that have attained the highest maturity level
• D. To develop a roadmap for the organization to achieve the highest maturity level

Correct answer: B

Explanation

The correct answer is B because it focuses on identifying specific actions needed to move from the current state to the desired maturity state, which is essential for improvement. Options A, C, and D, while useful, do not directly address the critical need for actionable steps to close maturity gaps.