Training
Featured CourseView All Courses
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training, Courses, and Resources
Can't find what you are looking for?

Let us help.

Contact us
Community Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely.

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert

Security Awareness Maturity Model

One of the biggest challenges I feel we face in security awareness is its lack of maturity.

Authored byLance Spitzner
Lance Spitzner
One of the biggest challenges I feel we face in security awareness is its lack of maturity. Many fields within information security have developed and matured over the years with entire frameworks built around them, fields such as penetration testing, system hardening, secure software development and digital forensics. However we have no framework or maturity model for awareness. The Security Awareness Maturity Model is an important first step to help address this. Developed by consensus from over twenty different organizations, this model helps organizations identify how mature (or immature) their program is and where they can take it. Learn more about each level by following the links below. Level 1: Non-Existant Program Level 2: Compliance Focused Leven 3: Promoting Awareness & ChangeLevel 4: Long Term Sustainment Level 5: Metrics If you would like to get involved in the development of this model, or other free security awareness resources for the community, shoot me an email and I will add you to the STH-Community maillist.

Meet the expert

Lance Spitzner
Lance Spitzner

Lance Spitzner

Senior Instructor

Lance revolutionized cyber defense by founding the Honeynet Project. At SANS, he has empowered over 350 organizations worldwide to build resilient security cultures, transforming human risk management into a cornerstone of modern cybersecurity.

Read more about Lance Spitzner