“Are we secure?” It’s the most dreaded question that information security and risk management professionals need to answer. Compliance is a useful starting point, but the number of “compliant” organizations who still suffered a data breach is proof positive that compliance simply isn’t enough. That’s where maturity models come into play. In this presentation, I’ll show you how to apply a capability maturity model (CMM) to your identity and access management (IAM) program, using that model to assess where you are today. I’ll also share tools and techniques you can use to accelerate improvements to your program.