Visual Roadmap
2023
The purpose of this module is to analyse and visulize a shared understanding of how building blocks for IoT cybersecurity interacts, their importance for business, and the timing of each building block.
February 28, 2025
This learning module is part of the building block:
The purpose of this module is to learn about the company’s IoT cybersecurity maturity.
The overall benefit of the tool are the collaborative dialogue and insights that become a common and explicit stepping-stone for further development and discussion of IoT cybersecurity across functions and stakeholders in the company.
The module is based on the situational analysis of each of the four building blocks. If you need a recap on the four building blocks, please consult The building block reference sheet.
The maturity dialogue is a way to take a step back and interpret and further discuss what the situation means.
The maturity dialogue sharpens the situational analysis, underlines the general tendencies in the company’s IoT cybersecurity, and prepares the company for working with their IoT cybersecurity based on a shared understanding.
The maturity concept is based on maturity for each building block. This means that each building block has its own maturity phase depending on how the company works with the tasks related to each building block.
One building block may be more or less mature than the other building blocks or be on the same maturity level.
The point is to avoid applying a general maturity phase to the entire company, which ultimately fits no one. Instead, the focus should remain on the actual IoT cybersecurity work being done by the company within the four building blocks.
The maturity model in itself has three phases. This means that each building block can be in one of the three phases.
The phased are named:
Each phase begins with the word shared. This recurring prefix denotes that the success criteria for each phase is to obtain an agreed upon and shared way of working with IoT cybersecurity in that phase, e.g. a shared practice for working with the quality of IoT cybersecurity for the company’s IoT solutions.
The phases are detailed in the work sheets made for the maturity dialogue.
Also note that:
The maturity dialogue anchors the situational analysis in a broader understanding of the trajectories of IoT cybersecurity development in the company and provides sighting lines into the future of the company’s IoT cybersecurity. At the same time, the tool helps establish a shared language about IoT cybersecurity in the company.
The maturity model is based on 35 interviews with Danish production companies about IoT cybersecurity.
The aim of the tool is for the participating people to 1) recognise and agree upon the maturity of each of the four building blocks in the company, 2) to have a collaborative dialogue about the IoT cybersecurity work being done in each building block, and 3) to use the shared insights into building block maturity to choose the next steps for the company’s IoT-cybersecurity.
To help target the three maturity phases for each building block, we have made two sets of tool sheets for the company’s shared maturity dialogue.
Keywords sheet for all 4 building blocks
Printable version of the tool in large format
The example below shows the keyword sheet for the Organisational building block covering the three maturity phases: shared awareness, shared practice and shared structure.
Each phase of the Organisational building block is described by the same three keywords: responsibility, competencies, and approach to IoT cybersecurity. The progression of the Organisational building block in the maturity phases is shown as changes in responsibility, competencies, and approach respectively.
Just as in the setup of the keyword sheets, the reference sheet also describes the maturity progression in the organisational tasks for IoT cybersecurity, however, in greater detail across the three phases. The reference sheets can sustain the recognition of the phase of a building block as more examples and context are provided.
Reference sheet for all 4 building blocks
Printable version of the tool in large format
The learning is conducted in a collaborative dialogue, ideally combining company representatives from all four building blocks for IoT-cybersecurity: e.g. employees and managers responsible for technical, quality, business and organisational tasks related to IoT-cybersecurity.
Other company stakeholders such as selected board members could also participate.
It doesn’t matter which building block you start with in the maturity dialogue – as long as all building blocks are covered.
It has proven useful to print out at least the keywords sheets and spread them on the table as the dialogue often jumps back and forth between building blocks, comparing their maturity progress in the flow of the dialogue.
There is no ambition of scoring the maturity for each building block or otherwise quantifying its progression.
How to perform the maturity dialogue for IoT cybersecurity using this customised model is shown in this video.
The maturity dialogue includes the following steps:
When you have completed the maturity dialogue, you have created a shared insight into the maturity of your work with IoT cybersecurity for each of the four building blocks in the company.
The insights can confirm which building blocks are already in good shape and highlight which to focus on to be able to handle the current and upcoming IoT cybersecurity risks and demands on your business, including demands from customers and legislation bodies.
The shared cross-functional dialogue creates a common perspective and also highlights the differences in working with and understanding the consequences of IoT cybersecurity in the company. The common perspective has the potential to become a shared frame of reference for cross-functional communication about IoT cybersecurity internally and externally, especially if the IoT cybersecurity responsible persons keep the insights from the maturity dialogue alive in discussions and communication.
It is easy to motivate people to participate in a maturity dialogue based on a simple, but empirically relevant maturity model. "Maturity model” is a well understood concept in both business, quality, organisational and technical settings.
Experience with the maturity dialogue with Danish production companies has shown that it is conceptually easy for company representatives to discuss and recognise their own company based on our worksheets, and that the dialogue sparks motivation and serves as a stepping-stone for the next IoT cybersecurity actions.
The contents described above have been developed in the project:
’CyPro – Cybersecure manufacturing in Denmark’ by Aarhus University, Alexandra Institut, DAMRC, UGLA Insights and FORCE Technology funded by The Danish Industry Foundation. Material from the project is published under licence CC BY-SA 4.0
Get your certificate for this completed building block. Request the certificate and we will send you the personal certificate.