PhishRod Maturity Model

Level 0

Level 1

Q1: Does your organization have a security awareness program?
Q2: Do your employees know that hackers try to steal information by targeting them directly?
Q3: Do you have an automated and formal mechanism of taking consent regarding security related policies?

Level 2

Q4: Is your program established to meet the compliance requirements or audit standards only?
Q5: Are the training sessions conducted annually or on an ad-hoc basis?
Q6: Do you maintain reports of who has and who has not completed the security awareness training?
Q7: Are your employees aware of their role in preventing, identifying and reporting a security incident?

Level 3

Q8: Do you have a dedicated security team to promote cybersecurity awareness?
Q9: Have you ever conducted a human-risk or cyber-skills survey?
Q10: Do you have a baseline assessment for security awareness, phishing readiness and policy compliance?
Q11: Do you have a formal cybersecurity awareness policy and a project charter in place?
Q12: Do you have an enterprise security awareness program in place that defines the topics, learning objectives, execution plan and key performance indicators to measure?
Q13: Are your end-users empowered to report a suspicious email?

Level 4

Q14: How often do you review your awareness program?
Q15: Do you upgrade your awareness program based on the changing technologies and threat landscape?
Q16: How often do you assign the training modules to your staff?
Q17: Do you have an automated phishing incident response framework in place?
Q18: Do you have the capability to analyze, quarantine and delete suspicious emails reported by the end-users?
Q19: Do you maintain the status of security awareness, phishing readiness and policy compliance at the organizational, department and end-user level?
Q20: Has your security awareness program been successful in changing the behavior and culture of your organization?

Level 5

Q21: Is your security awareness program automated, integrated and analytics driven?
Q22: Do you maintain key performance indicators for security awareness in a quantitative manner?
Q23: Do you maintain key performance indicators for phishing readiness in a quantitative manner?
Q24: Do you maintain key performance indicators for policy compliance in a quantitative manner?
Q25: Do you review the key performance indicators related to security awareness and compliance with end-users and concerned stakeholders?
Q26: Do you maintain a threat intelligence database based on the suspicious emails reported by end-users?
Q27: Do you have the capability to identify the number of security incidents successfully mitigated through end-user engagement?
Q28: Which of the following metrics do you capture as part of your security awareness program?