├── VERSION ├── CTEMMM_v1.0.0.pdf ├── CTEMMM_v1.0.0.xlsx ├── CTEMMM_Companion_Guide_v1.0.0.pdf ├── CTEMMM_Examples_and_Use_Cases_v1.0.0.pdf ├── CHANGELOG.md ├── TRADEMARK.md ├── LICENSE.md └── README.md /VERSION: -------------------------------------------------------------------------------- 1 | VERSION 2 | 1.0.0 3 | -------------------------------------------------------------------------------- /CTEMMM_v1.0.0.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jonathanristo/CTEMMM/HEAD/CTEMMM_v1.0.0.pdf -------------------------------------------------------------------------------- /CTEMMM_v1.0.0.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jonathanristo/CTEMMM/HEAD/CTEMMM_v1.0.0.xlsx -------------------------------------------------------------------------------- /CTEMMM_Companion_Guide_v1.0.0.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jonathanristo/CTEMMM/HEAD/CTEMMM_Companion_Guide_v1.0.0.pdf -------------------------------------------------------------------------------- /CTEMMM_Examples_and_Use_Cases_v1.0.0.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jonathanristo/CTEMMM/HEAD/CTEMMM_Examples_and_Use_Cases_v1.0.0.pdf -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## v1.0.0 – 2025-12-17 4 | - Initial canonical release of the CTEM Maturity Model (CTEMMM) 5 | 6 | Future versions will document only meaningful changes to the model 7 | (e.g., lifecycle changes, maturity intent changes, or domain structure changes), 8 | not editorial or wording refinements. 9 | -------------------------------------------------------------------------------- /TRADEMARK.md: -------------------------------------------------------------------------------- 1 | # Trademark Notice 2 | 3 | **CTEMMM™** is a trademark of **ZenzizenSec Inc.** 4 | 5 | The trademark exists solely to identify the **Continuous Threat Exposure Management Maturity Model** and to prevent misleading, confusing, or deceptive use of the name. 6 | 7 | --- 8 | 9 | ## Permitted Use (No Permission Required) 10 | 11 | Use of the name **CTEMMM™** is permitted without permission when used to refer to the model in: 12 | 13 | - Consulting, advisory, and professional services 14 | - Education, training, and academic materials 15 | - Research, publications, and presentations 16 | - Vendor materials describing alignment, mapping, or support 17 | - Assessments, reports, and maturity discussions 18 | 19 | Such use must not imply endorsement, certification, sponsorship, or official status. 20 | 21 | --- 22 | 23 | ## Restricted Use (Permission Required) 24 | 25 | The **CTEMMM™** trademark may not be used without written permission from ZenzizenSec Inc. to: 26 | 27 | - Imply official endorsement, certification, or accreditation 28 | - Brand products, services, or platforms as “official CTEMMM” 29 | - Rebrand, rename, or modify the name of the model 30 | - Represent ownership, governance, or stewardship of CTEMMM by another entity 31 | 32 | --- 33 | 34 | ## No Endorsement 35 | 36 | Use of the CTEMMM™ name does not imply endorsement by Jonathan Risto or ZenzizenSec Inc. 37 | 38 | --- 39 | 40 | ## Purpose of the Trademark 41 | 42 | The trademark protects the **identity and integrity** of CTEMMM while ensuring the model remains **open, neutral, and broadly usable**. 43 | 44 | It is not intended to restrict legitimate reference, education, consulting, or assessment use. 45 | 46 | --- 47 | 48 | ## Contact 49 | 50 | For trademark-related inquiries only: 51 | **license@zenzizensec.com** 52 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | # CTEMMM License 2 | 3 | **Continuous Threat Exposure Management Maturity Model (CTEMMM)** 4 | Copyright © 2025 ZenzizenSec Inc. 5 | Authored by Jonathan Risto 6 | 7 | All rights reserved. 8 | 9 | --- 10 | 11 | ## Purpose 12 | 13 | The Continuous Threat Exposure Management Maturity Model (CTEMMM) is an open, reference-based maturity model intended to support the understanding and improvement of Continuous Threat Exposure Management (CTEM) practices across organizations and industries. 14 | 15 | This license is designed to encourage broad, frictionless adoption and reference of CTEMMM while preventing rebranding, resale, or enclosure of the model itself. 16 | 17 | --- 18 | 19 | ## Permitted Use (No Permission Required) 20 | 21 | CTEMMM may be used freely and without permission, in both commercial and non-commercial contexts, for the following purposes: 22 | 23 | - Internal organizational assessments and maturity evaluations 24 | - Advisory, consulting, and professional services 25 | - Client reports, presentations, workshops, and recommendations 26 | - Education, training, and instructional use (including paid courses) 27 | - Public or private reference to CTEMMM, including lifecycle phases, domains, categories, and maturity levels 28 | - Mapping or alignment to CTEMMM by vendors, consultants, or organizations 29 | - Academic research, citation, and publication 30 | 31 | No fee, registration, notification, or approval is required for these uses. 32 | 33 | --- 34 | 35 | ## Attribution 36 | 37 | When CTEMMM is referenced, the name “CTEMMM” and the applicable version (for example, CTEMMM v1.0) must be retained. 38 | 39 | Attribution may be simple and contextual (for example: 40 | “Aligned to CTEMMM v1.0”) and does not require logos or prominent branding. 41 | 42 | --- 43 | 44 | ## Restricted Use (Permission Required) 45 | 46 | The following uses require explicit written permission from ZenzizenSec Inc.: 47 | 48 | - Rebranding, renaming, or presenting CTEMMM as a proprietary or differently named model 49 | - Selling, licensing, or distributing CTEMMM as a standalone product or paid deliverable 50 | - Embedding CTEMMM directly into commercial software products, SaaS platforms, or hosted tools 51 | - Issuing certifications, accreditations, or claims of “official” CTEMMM assessment or endorsement 52 | - Representing CTEMMM as owned, governed, or maintained by another entity 53 | 54 | These restrictions exist to preserve the integrity and neutrality of the model, not to limit its use. 55 | 56 | --- 57 | 58 | ## No Endorsement 59 | 60 | Use of CTEMMM does not imply endorsement by Jonathan Risto or ZenzizenSec Inc. 61 | 62 | --- 63 | 64 | ## Stewardship and Stability 65 | 66 | CTEMMM is stewarded by ZenzizenSec Inc. Core lifecycle concepts and maturity intent are intended to remain stable across versions to support long-term adoption and reference. 67 | 68 | --- 69 | 70 | ## Plain-Language Summary (Non-Binding) 71 | 72 | CTEMMM is: 73 | 74 | - Free to use 75 | - Free to assess against 76 | - Free to reference 77 | - Free to teach and consult with 78 | 79 | Permission is only required to sell the model itself, rebrand it, embed it in commercial software, or claim official certification or endorsement. 80 | 81 | --- 82 | 83 | ## Contact 84 | 85 | For restricted-use licensing inquiries only: 86 | license@zenzizensec.com 87 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CTEM Maturity Model (CTEMMM) 2 | 3 | **Current version:** v1.0.0 4 | **Release date:** 2025-12-17 5 | 6 | The **Continuous Threat Exposure Management Maturity Model (CTEMMM)** is a reference-based maturity model designed to help organizations assess, understand, and improve their Continuous Threat Exposure Management (CTEM) capabilities. 7 | 8 | CTEMMM provides a structured way to evaluate CTEM maturity across lifecycle phases, domains, and categories, enabling consistent assessment, prioritization, and improvement planning across organizations and industries. 9 | 10 | --- 11 | 12 | ## Purpose 13 | 14 | CTEMMM is intended to be: 15 | 16 | - A **shared reference model** for CTEM maturity 17 | - A **neutral assessment framework** usable across tools and vendors 18 | - A foundation for **maturity evaluation, gap analysis, and roadmap planning** 19 | - A common language for **security, risk, and leadership discussions** 20 | 21 | The model is designed for use by enterprises, consultants, educators, researchers, and vendors. 22 | 23 | --- 24 | 25 | ## What CTEMMM Is (and Is Not) 26 | 27 | **CTEMMM is:** 28 | - A maturity model for CTEM capabilities 29 | - Tool-agnostic and vendor-neutral 30 | - Suitable for internal assessments and external advisory use 31 | - Designed for long-term stability and reference 32 | 33 | **CTEMMM is not:** 34 | - A product or platform 35 | - A prescriptive implementation guide 36 | - A certification or compliance standard 37 | - A replacement for CTEM strategy or tooling 38 | 39 | --- 40 | 41 | ## Repository Contents 42 | 43 | This repository contains the canonical CTEMMM v1.0.0 artifacts: 44 | 45 | - **CTEMMM_v1.0.0.pdf** 46 | The core CTEM Maturity Model 47 | 48 | - **CTEMMM_Companion_Guide_v1.0.0.pdf** 49 | Detailed explanations of domains, categories, and maturity intent 50 | 51 | - **CTEMMM_Examples_and_Use_Cases_v1.0.0.pdf** 52 | Practical examples and applied use cases 53 | 54 | - **CTEMMM_v1.0.0.xlsx** 55 | Assessment and scoring worksheet 56 | 57 | --- 58 | 59 | ## How to Use CTEMMM 60 | 61 | CTEMMM may be used to: 62 | 63 | - Perform internal or external CTEM maturity assessments 64 | - Identify capability gaps and improvement priorities 65 | - Support CTEM program design and roadmap planning 66 | - Align stakeholders on CTEM scope and maturity expectations 67 | - Communicate CTEM maturity to leadership and governance bodies 68 | 69 | CTEMMM is designed to be adaptable to different organizational sizes, industries, and risk profiles. 70 | 71 | --- 72 | 73 | ## Licensing and Trademark 74 | 75 | CTEMMM is released under a reference-friendly license that allows free use, assessment, consulting, training, and academic reference. 76 | 77 | - See **LICENSE.md** for usage terms 78 | - See **TRADEMARK.md** for trademark guidance 79 | 80 | Use of CTEMMM does not imply endorsement or certification. 81 | 82 | --- 83 | 84 | ## Versioning and Stability 85 | 86 | CTEMMM follows semantic-style versioning. 87 | 88 | - **v1.0.0** is the initial canonical release 89 | - Future versions will introduce only **meaningful structural or intent changes** 90 | - Editorial or wording refinements may occur without version increments 91 | 92 | A summary of changes is maintained in **CHANGELOG.md**. 93 | 94 | --- 95 | 96 | ## How to Cite 97 | 98 | When referencing CTEMMM, please use: 99 | 100 | > CTEM Maturity Model (CTEMMM) v1.0.0, ZenzizenSec Inc., 2025. 101 | 102 | --- 103 | 104 | ## Stewardship 105 | 106 | CTEMMM is stewarded by **ZenzizenSec Inc.** 107 | Authored by **Jonathan Risto**. 108 | 109 | The model is intended to remain open, stable, and broadly usable while preserving its integrity and identity. 110 | 111 | --- 112 | 113 | ## Contact 114 | 115 | For licensing or trademark inquiries only: 116 | **license@zenzizensec.com** 117 | --------------------------------------------------------------------------------