SearchSecurity.com

Forrester offers new guide for information security program development

Cambridge, Mass.-based Forrester Research Inc. has launched a new model to help businesses find and fix gaps in their security programs to enable better overall enterprise security.

Announced this week, the new Information Security Maturity Model, according to Forrester analyst Chris McClean, is similar to the COBIT model in terms of design. "If you're familiar with COBIT, then you'll recognize our new model. …We took [Forrester's] existing framework and other models like COBIT and COSO to see what's out there and made sure our framework was as comprehensive as possible," McClean said.

The idea for a new maturity model came about when Forrester surveyed security risk customers, and an overwhelming number of those surveyed wanted a more comprehensive model. To that end, the Forrester model offers guidance on 25 functions or focus areas, while the COBIT model fully covers only 10, and COSO only seven.

The maturity model specifically rates how well a company prioritizes and manages security functions, the importance of skills in a security team, and the use of tools to secure the IT infrastructure. It has four overarching domains -- oversight, people, process and technology -- that are meant to give a balanced view of a company's security programs and IT environment.

One unique part of this model is the fourth domain, oversight, which offers guidance in areas like governance, risk management, compliance and audit, and is not included in other models.


All Rights Reserved, Copyright 2000 - 2013, TechTarget