One of the biggest challenges I feel we face in security awareness is its lack of maturity.  Many fields within information security have developed and matured over the years with entire frameworks built around them, fields such as penetration testing, system hardening, secure software development and digital forensics.  However we have no framework or maturity model for awareness.   The Security Awareness Maturity Model is  an important first step to help address this.   Developed by consensus from over twenty different organizations, this model helps organizations identify how mature (or immature) their program is and where they can take it.  Learn more about each level by following the links below. Level 1: Non-Existant Program Level 2: Compliance Focused Leven 3: Promoting Awareness & Change Level 4: Long Term Sustainment Level 5: Metrics If you would like to get involved in the development of this model, or other free security awareness resources for the community,  shoot me an email  and I will add you to the STH-Community maillist.
About the Author
Thumbnail

Lance Spitzner

Director, SANS Security Awareness
Lance has over 20 years of security experience in cyber threat research, awareness and training. He invented the concept of honeynets, founded the Honeynet Project and helped pioneer the field of cyber intelligence. Lance has published three security books, consulted in over 25 countries and helped hundreds of organizations establish mature security awareness programs. Lance serves on the Board for the NCSA, is a frequent presenter, serial tweeter ( @lspitzner ) and works on numerous community security projects. He served as an armor officer in the Army's Rapid Deployment Force and earned his MBA from the University of Illinois.