One of the biggest challenges I feel we face in security awareness is its lack of maturity.  Many fields within information security have developed and matured over the years with entire frameworks built around them, fields such as penetration testing, system hardening, secure software development and digital forensics.  However we have no framework or maturity model for awareness.   The Security Awareness Maturity Model is  an important first step to help address this.   Developed by consensus from over twenty different organizations, this model helps organizations identify how mature (or immature) their program is and where they can take it.  Learn more about each level by following the links below. Level 1: Non-Existant Program Level 2: Compliance Focused Leven 3: Promoting Awareness & Change Level 4: Long Term Sustainment Level 5: Metrics If you would like to get involved in the development of this model, or other free security awareness resources for the community,  shoot me an email  and I will add you to the STH-Community maillist.