This is the final phase where the security awareness capability is fully developed. Threat intelligence is now being provided in reports that are applicable to the users that receive them. For example, the users in the regions depicted in the following figure are informed about threats that exist in those countries that are currently being reported by threat intelligence sources. This allows them to take this cyber intelligence and use it when they make decisions on the actions that they take:

If you are thoroughly confused at this point, I don't blame you. The question I would be asking is:

• How is developing a security awareness capability in accordance with the Capability Maturity Model going to give us another set of eyes?

The answer is how we will incorporate the user into IT Ops processes to help us know what we don't know.