The adoption of Building Information Modeling (BIM) in architectural Brazilian offices has been rapidly increasing due to the numerous benefits it provides architects in their design decision-making process. However, when using BIM, information related to the physical and functional aspects of the building can be read and interpreted by computers. As a result, this information becomes vulnerable to intentional or accidental cyber-attacks. Considering this, it is essential for architects to employ strategies to safeguard project information. This paper proposes a maturity model for the adoption of information management and security, specifically tailored to architectural firms that utilize BIM in their project development. The model is structured based on guidelines found in the ISO 19650 series, as well as the General Data Protection Law and other relevant directives. Additionally, a risk matrix was developed in conjunction with an analysis of documents from companies that have incorporated BIM into their projects. The maturity model outlines pathways for architectural firms to implement measures that ensure information security throughout project development. These measures contribute to advancing BIM adoption while considering the risks associated with innovative processes.