SMM Training

Sign up Here for IoT Security Maturity Model Training

Your IoT systems need to be secure, especially in industrial settings where the system can change the physical world, possibly risking life, limb, and the environment. But you don't want to over-invest. That's where the Security Maturity Model (SMM) comes in. It helps you determine your understanding of security needs and prioritize the right places.

Threats present a critical challenge for businesses across all industries, especially those undergoing Digital Transformation or applying Industrial IoT. Of course, your system needs to be secure, but you must spend your time and money in the right places. Recognition of that increases your "security maturity."

The Security Working Group of the Industry IoT Consortium (IIC) has developed a pioneering, comprehensive security maturity assessment model covering governance, enablement, and hardening. The links to the left provide many resources for learning about security, trustworthiness, and security maturity.

IoT customers and technology users across industry verticals such as manufacturing, energy, smart cities, chemical, and pharma want robust security for their systems, but without over-spending. This is essential for companies and individuals in determining:

  • How to decide where to focus your security resources
  • How to identify gaps, analyze them, and build a prioritized roadmap for improvement
  • Appropriate practices that organizations can execute over time to improve their security maturity
  • How to create a Security Maturity profile that closely matches my industry
  • Whether we are ready to invest, and how we support it without over-investing

The IIC offers a Fundamentals-level ½-day course in Security Maturity Modeling and a hands-on ½-day Advanced Security Maturity Modeling Course.

Demand is also growing for assessment services. Companies offering assessment services will want to familiarize themselves with the SMM to broaden their business opportunity. And, to deliver those services to clients and customers, they need to know that you know what you're doing. To that end, IIC offers a Certification Program for individuals in organizations. Sign up now to receive updates for these programs.

Add me to the list

1. IoT Security Maturity Model Fundamentals Course (1/2 Day)

Offered free online for IIC members and US $95 for non-members

The course focuses on three sample practices to help you understand the fundamentals. It is divided into modules; each has several short videos, case studies and exercises

When the exercises are complete, and you receive a score of 75+, you will receive a certificate indicating you have acquired this knowledge, and you will have the option of being listed in the IIC SMM directory.

Get on the mailing List

2. IoT Security Maturity Model Advanced Course (1/2 Day)

Instructor-led course offered quarterly, free for members and US $495 for non-members

Prerequisite: must have passed the knowledge quiz from the Fundamentals course.

The advanced course features an interactive setting covering the remaining 15 practices that may be executed over time, in priority order, to improve an organization's security maturity. The instructors will also discuss the sub-domains and practices within the governance, enablement, and hardening domains.

  • Governance: strategy and governance, risk assessment, supply chain and dependencies management
  • Enablement: identity and access management, asset protection, and data protection
  • Hardening: patch management, situation awareness, event and incident response, continuity of operations

With your instructors and peers in a small group setting, you will discuss options for targeting the correct security maturity level. Ask questions regarding industries and specific devices that are relevant to you. Obtain additional information about additional IIC source documents and resources.

When the course is complete, you will receive a certificate indicating you have acquired this knowledge, and you can be listed in the IIC SMM directory.

Sign up here to be notified of the next course.

Get on the mailing List

3. The SMM Certification Program

Security Maturity Model Certification Program for Individuals

This program certifies that an individual has demonstrated to the Industry IoTConsortium experts they can perform SMM assessments. Candidates for certification should provide requested materials that demonstrate their capability. Those materials will be covered by an NDA between you and the examiners.

Certified SMM Assessors will have a competitive edge across organizations that need to determine their Security Maturity Assessment - the SMM Certification enhances their credentials.

Prerequisites for this program include passing the two SMM courses and providing the materials needed to evaluate whether the applicant is indeed competent. (There are also legal requirements around accepting the conditions of the program and non-disclosure.)

Get on the mailing List

Security Maturity Model Certification Program for Organizations

This program for organizations certifies that designated representatives of a company have demonstrated to the Industrial Internet Consortium that they can perform SMM assessments.

The company will be added to the IIC's SMM Certification Program page. Those seeking a vendor to perform an assessment will choose from several certified assessment companies or individuals. You will receive an SMM assessment badge while participating in the program and an active certification. Companies and individuals will be reassessed periodically or after a new major SMM update.

4. Associated Fees

The cost for an individual will be free to IIC members and US $995 to non-members. The cost to include a company on the SMM Certification Program page is free to IIC members and $995 for non-member companies.

Sign Up for the Pilot Program

The Security Maturity Model Certification Program is presently a pilot. During this period, all fees will be waived.

Disclaimer: The Security Maturity Model ("SMM") helps companies assess whether their security measures meet their security needs and thereby avoid overinvestment or underinvestment in security. Because it applies general principles to specific facts in a rapidly changing environment, it should be used as one of several tools to assess security and cannot be guaranteed. Therefore, THE SMM IS PROVIDED AS-IS AND OMG DISCLAIMS ALL WARRANTIES AND REPRESENTATIONS, EXPRESS OR IMPLIED. WITHOUT LIMITING THE FOREGOING, NEITHER OMG NOR ANY CONTRIBUTORS TO THE SMM (I) WARRANT THAT THE SMM WILL MEET YOUR NEEDS OR PROVIDE ACCURATE MEASUREMENTS OR RECOMMENDATIONS, OR (II) SHALL HAVE ANY RESPONSIBILITY OR LIABILITY FOR THE APPLICATION OR USE OF THE SMM. YOU WAIVE ALL CLAIMS FOR LOSS OR DAMAGE.