As indicated in prior posts, I am working on a Security Process Reference Model. Given that October is Cybersecurity Awareness Month, I thought it would be ideal to release a sample of the awareness processes.

The Security Process Reference Model includes two Level 3 processes related to Cybersecurity Awareness:

  • 1.1.8 Create and maintain awareness materials
  • 1.1.9 Use, communicate or distribute awareness materials

They are both sub-activities of the Level 2 process 1.1 Define and manage the security policy. The Level 2 process is itself part of the Level 1 meta-process Information security management.

The process flows of the two Cybersecurity Awareness processes can be found below, as well as those of the higher-level processes. Click on the pictures below to enlarge them.

Feel free to comment or provide recommendations via the blog comment section or by contacting us.


This sample only includes the process flow. Each process flow is however also supported by an extended description of each activity, including RACI, key performance indicators (KPI) and critical success factors (CSF), etc. Contact us, if you are interested in these.

Click here for a full overview of all processes currently already available.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply