Enterprise Security Architecture Maturity Assessment
Understand how mature your organisation's processes are for creating and maintaining enterprise security architecture artefacts.
About the ESA Maturity Assessment
This free online tool helps security architects, CISOs, and IT governance professionals assess the maturity of their enterprise security architecture. Based on established frameworks including SABSA, it evaluates 45 artefacts across 6 architecture layers using a structured maturity model.
Unlike simple checklists, this assessment focuses on process maturity — how well your organisation creates, maintains, reviews, and retires each security architecture artefact.
Key Features
- ~30 minutes — A focused assessment you can complete in a single sitting or save and return later
- 45 artefacts across 6 layers — From business context through strategy, design, and operations
- Private and free — Your answers stay in your browser. No account needed. No data collected until you choose to share
What You Get
- Interactive maturity heatmap across architecture layers and views
- Radar chart showing your maturity profile
- Per-layer summary highlighting strengths and gaps
- Downloadable summary report (print to PDF)
The Six Architecture Layers
The ESA Maturity Assessment evaluates your security architecture across six complementary layers:
- Contextual Layer — Business context, drivers, and risk appetite that shape security requirements
- Conceptual Layer — Security concepts, principles, and fundamental design decisions
- Logical Layer — Logical security services, policies, and control frameworks
- Physical Layer — Physical security mechanisms, technology patterns, and platform designs
- Component Layer — Specific security products, tools, and technology selections
- Operational Layer — Security operations, monitoring, incident response, and continuous improvement
Maturity Scale
Each artefact is rated on a 0–5 maturity scale measuring the process to create, maintain, and govern it:
- 0 — Non-existent: No process exists
- 1 — Initial: Ad hoc, reactive
- 2 — Developing: Some structure, not consistent
- 3 — Defined: Documented and standardised
- 4 — Managed: Measured and controlled
- 5 — Optimising: Continuously improving
Who Is This For?
The Enterprise Security Architecture Maturity Assessment is designed for:
- Security Architects and Enterprise Architects
- Chief Information Security Officers (CISOs)
- IT Governance and Risk Management professionals
- Security consultants and advisory firms
- Organisations seeking to benchmark their security architecture capability
Frequently Asked Questions
What is an Enterprise Security Architecture Maturity Assessment?
An Enterprise Security Architecture (ESA) Maturity Assessment evaluates how mature your organisation's processes are for creating, maintaining, reviewing, and retiring security architecture artefacts. It measures process maturity across six architecture layers — from business context through strategy, design, and operations — using a 0–5 maturity scale.
How long does the ESA Maturity Assessment take?
The assessment takes approximately 30 minutes to complete. You can save your progress and return later. It covers 45 artefacts across 6 architecture layers.
Is the ESA Maturity Assessment free?
Yes, the assessment is completely free. No account is required, and your data stays in your browser until you choose to share results.
What architecture layers does the assessment cover?
The assessment covers six architecture layers: Contextual (business context and drivers), Conceptual (security concepts and principles), Logical (logical security services), Physical (physical security mechanisms), Component (security products and tools), and Operational (security operations and management).