Security Awareness Maturity Model arrow

As we continue to grow and mature as a community, so to does our tools and resources. As such we have made some minor changes to the Security Awareness Maturity Model to better clarify what each stage is with more precise titles.  The steps are the exact same to achieving each level.  All we have done is better clarify what each one means.  These changes are especially useful for when communicating to senior management about the status of your program and where you want to take it.

  1. Non-Existent
  2. Compliance Focused
  3. Promoting Awareness & Behavior Change
  4. Long Term Sustainment & Culture Change
  5. Metrics Framework

As always, feedback appreciated.  For more resources on planning your security awareness program, check out the Planning Resources section. Also, heads up I’m working on some ideas to tweak the Lessons Learned documents to be more behavior focused.  More on that coming soon :)