Security Awareness Blog

Security Awareness Maturity Model

One of the biggest challenges I feel we face in security awareness is its lack of maturity. Many fields within information security have developed and matured over the years with entire frameworks built around them, fields such as penetration testing, system hardening, secure software development and digital forensics. However, we have no framework or maturity model for awareness. The Security Awareness Maturity Model is an important first step to help address this. Developed by consensus from over twenty different organizations, this model helps organizations identify how mature (or immature) their program is and where they can take it. Learn more about each level by following the links below.

Level 1: Non-Existent Program

Level 2: Compliance Focused

Level 3: Promoting Awareness & Change

Level 4: Long Term Sustainment

Level 5: Metrics

If you would like to get involved in the development of this model, or other free security awareness resources for the community, shoot me an email and I will add you to the STH-Community mailing list.