In the ISO/IEC 21827:2008 SSE-CMM (Systems Security Engineering Capability Maturity Model), the most significant improvement in maturity occurs when moving from Level 2 (Reactive) to Level 3 (Proactive).
- Level 2 (Reactive): Processes are reactive, addressing issues as they arise without a systematic approach to prevention or improvement.
- Level 3 (Proactive): Processes become more proactive, with a focus on anticipating and mitigating issues before they occur. This level involves implementing systematic practices and controls to ensure security measures are in place and effective.

The shift from reactive to proactive is a significant advancement in maturity because the organization moves from handling problems as they come to anticipating and preventing them through planned, systematic approaches.