Security Awareness Blog

Security Awareness Roadmap - DRAFT

Several weeks ago I posted about the the Security Awareness Maturity Model. This consensus project was driven by a need for organizations to be able to easily identify how mature their awareness program was, and where they needed to take it. Over twenty organizations help develop the maturity model. Now we have taken the next step and developed the Security Awareness Roadmap (click on the image for the full screen version).

Building on the maturity model, the Roadmap walks you through step-by-step how to achieve each stage of a mature security awareness program, including key deliverables. In addition we provide all the templates, checklists and planning documents you need saving you a tremendous amount of time. Please keep in mind this Roadmap is a working draft, this is not an official release. We are looking to get feedback from people like you on how this Roadmap can be improved, what can we change or add to make this better? If you have any feedback, or would like a high-resolution PDF version of the draft, let us know at


Posted July 23, 2012 at 5:38 PM | Permalink | Reply

Marie Memmer

One way to secure management support is to give a little quiz to your management team. Make it simple, maybe 5 questions, but strive to subtly point out what their weaknesses or misconceptions are. After the questions, your presentation (or "sales pitch") would be to elaborate on your questions. Make it serious, but fun. Questions could be on secure passwords, how long does it take someone to crack an 8 character password? how can you make a secure but easy to remember password?, what data should be encrypted (managers are some of the worst offenders of PII violations), safe/smart use on the internet, what is a cookie and what does it do?, why do we patch? what are the hazards of social media? The questions would emphasize that security just isn't a password change every 60 days. When managers see what they don't know, the likelihood of buy-in is greater.

Posted July 23, 2012 at 5:42 PM | Permalink | Reply


Great suggestions, I like the idea of a management focused survey. Another idea is to try out the employee survey of 25 questions we have posted online. Check out the "Getting Stakeholder Support" section at