Comparative analysis of cybersecurity awareness frameworks: Effectiveness and scope

Cybersecurity awareness is a critical component in protecting organizations and individuals from cyber threats. However, the effectiveness and applicability of existing cybersecurity awareness frameworks vary widely, leading to confusion and inconsistent implementation. This paper addresses this gap by conducting a comparative analysis of the state-of-the-art cybersecurity awareness frameworks, including the ENISA Cybersecurity Awareness Raising, the SANS Security Awareness Maturity Model, and the local framework, the National Cyber Security Baseline by NACSA Malaysia. This paper also includes three cybersecurity governance frameworks, namely ISO/IEC 27001, COBIT, and NIST Cybersecurity Framework. The comparison highlights effectiveness and scope, offering practical insights for organizations, and enriches the existing body of literature. This paper aims to support fellow researchers and practitioners in making informed decisions and advancing more effective cybersecurity awareness initiatives. The study concludes that no single framework is universally sufficient; instead, combining awareness-focused and governance-driven models yields a more comprehensive and practical strategy for strengthening cybersecurity resilience.