Phish Rod Maturity Model

Level 0

The Cyber Security Awareness Assessment is designed to help organizations determine the maturity of their end-user awareness program.

  • You will be asked to answer a minimum of 3 and a maximum of 25 multiple-choice questions to determine the effectiveness of your awareness program.

Level 1

1:
Does your organization have a security awareness program?
2:
Do your employees know that hackers are trying to steal information by targeting them?
3:
Do you have an automated and formal mechanism for obtaining consent regarding security-related policies?

Level 2

4:
Is your program established exclusively to meet the compliance requirements?
5:
Are the training sessions conducted annually or on an ad-hoc basis?
6:
Do you maintain reports of who has and who has not completed the security awareness training?
7:
Are your employees aware of their role in preventing, identifying, and reporting a security incident?

Level 3

8:
Do you have a dedicated security team to promote cybersecurity awareness?
9:
Have you ever conducted a human-risk/cyber skills survey?
10:
Do you have a baseline assessment for security awareness, phishing readiness and policy compliance?
11:
Do you have a formal cybersecurity awareness policy and a project charter in place?
12:
Do you have an enterprise security awareness program in place that defines the topics, learning objectives, execution plan and key performance indicators to measure?
13:
Are your end-users empowered to report a suspicious email?

Level 4

14:
How often do you review your awareness program?
15:
Do you upgrade your awareness program based on changing technologies and the threat landscape?
16:
How often do you assign the training modules to your staff?
17:
Do you have an automated phishing incident response framework in place?
18:
Do you have the capability to analyze, quarantine and delete suspicious emails reported by the end-users?
19:
Do you maintain the status of security awareness, phishing readiness and policy compliance at the organizational, department and end-user levels?
20:
Has your security awareness program been successful in changing the behavior and culture of your organization?

Level 5

21:
Is your security awareness program automated, integrated and analytics-driven?
22:
Do you maintain key performance indicators for security awareness, phishing readiness and policy compliance in a quantitative manner?
23:
Do you review the key performance indicators related to security awareness and compliance with end-users and concerned stakeholders?
24:
Do you maintain a threat intelligence database based on the suspicious emails reported by the end-users?
25:
Do you have the capability to identify the number of security incidents successfully mitigated through end-user engagement?