Table 6 Comparison of the maturity... | Emerald Publishing

Table 6

Comparison of the maturity models

Comparing factors	Information security awareness maturity models
Comparing factors	ISACM	UAMM	SANS	MMISA
Referred Standard	ISO 27002 (2005)	None	ISO 27002, PCI DSS, SOX, GLBA, HIPAA, NERC, NIST 800, ENISA	None
Focus	IT Stakeholder Groups (IT Staff, Senior Management, End Users)	IT Users	Awareness Programme	Interested Parties
Dimensions of Maturity	Importance, Capability, Risk (Three)	Threat and Countermeasure, Prescription and Discretion (Two)	(One)	Attitude (Approach), Knowledge (Skills and Abilities) (Two)
Number of Maturity Grades	7	5	5	5
Defined Controls, by Grade	Yes	None	None	Yes
Defined Audit Evidence, by Grade	None	None	None	Yes
Supports Audit Work	Partly	None	Partly	Yes

Comparing factors	Information security awareness maturity models
Comparing factors	ISACM	UAMM	SANS	MMISA
Referred Standard	ISO 27002 (2005)	None	ISO 27002, PCI DSS, SOX, GLBA, HIPAA, NERC, NIST 800, ENISA	None
Focus	IT Stakeholder Groups (IT Staff, Senior Management, End Users)	IT Users	Awareness Programme	Interested Parties
Dimensions of Maturity	Importance, Capability, Risk (Three)	Threat and Countermeasure, Prescription and Discretion (Two)	(One)	Attitude (Approach), Knowledge (Skills and Abilities) (Two)
Number of Maturity Grades	7	5	5	5
Defined Controls, by Grade	Yes	None	None	Yes
Defined Audit Evidence, by Grade	None	None	None	Yes
Supports Audit Work	Partly	None	Partly	Yes

Source(s): Authors' own work