A Maturity Model for Password Security Education

Abstract

This paper introduces the Password Security Education Maturity Model (PSEMM), a comprehensive framework designed to guide organizations in systematically improving their password security practices through a structured progression of educational and operational stages. The model delineates five levels of maturity, Naivety, Foundational Awareness, Active Engagement, Embedded Security Habits, and Adaptive Security Mindset each representing a step forward in the development of robust password security protocols and a culture of security awareness. The development of the PSEMM is grounded in a systematic literature review (SLR) that identified 989 articles that were then screened for inclusion eligibility, which eventually resulted in 12 articles being used to identify key themes and gaps in existing cybersecurity education models. Through this rigorous analysis, the study pinpointed the need for a specialized maturity model that not only addresses the technical aspects of password management but also emphasizes the critical role of continuous education and employee engagement. The PSEMM fills this gap by offering a clear, adaptable pathway for organizations of varying sizes and sectors to enhance their cybersecurity posture. The model’s applicability is demonstrated through its alignment with modern security practices, such as multi-factor authentication and password management tools, ensuring its relevance in today’s rapidly evolving digital terrain. This paper contributes to the field of cybersecurity education by providing a validated, practical tool for systematically advancing password security across organizational contexts. The PSEMM stands as a vital resource for organizations seeking to mitigate the risks associated with poor password practices, ultimately fostering a more resilient cybersecurity environment.