Today, security concerns are at the heart of information systems, both at technological and organizational levels. So, Information Security has become an essential support for the business strategy of organization. Therefore, many studies on information security have been carried out. Some refer specifically to maturity models of information security management (ISM). Starting from an analysis of existing literature, Matrane and al. have developed a new maturity model for information security management. In this paper, we aim to validate this maturity model, which leads to determine the level of maturity in security information management. This model will be validated by two approaches. The first is a pilot test of the new maturity model of (ISM) in a Moroccan medium-sized enterprise (SMEs), in order to demonstrate its capacity of assessing the maturity of ISM and whether it can develop an improvement roadmap. The second is an empirical investigation in Moroccan SMEs by using a survey to depict whether it can evaluate the maturity of (ISM) in different industries.

Keywords: Maturity Models, Information Security, Management, Roadmap, Pilot test, empirical investigation.