Abstract
Every security initiative, including awareness programs, should be collecting metrics so that the effect of the program can be understood and the impacts of changes to the program can be tracked. Unlike measuring technical controls, measuring the effects of a security awareness program can be tricky, and as a result, few trainers track the long-term effectiveness of their awareness programs (Ponemon-SATrends-2014). According to a 2014 Ponemon study, the most common methods organizations use to track training impact are to measure the user’s knowledge right after training or to run user satisfaction surveys. While these metrics can be useful and easy to collect and measure over time, there are many other metrics that could also be considered. Unfortunately, not all metrics can be objectively measured, and the leaders of each organization need to determine which metrics will be informative for them in their unique situation. This makes defining and collecting metrics a mix of art and science. Despite the subjective nature of the problem, there are methods of gathering useful metrics that your organization can use to track the ongoing effectiveness of your security awareness program.
References
Ponemon. The state of information security awareness: Trends and developments. Technical report, Ponemon Institute, 2014. https://www.securityinnovation.com/uploads/pci-ponemon-whitepaper.pdf
Copyright information
© 2017 Jordan Schroeder
About this chapter
Cite this chapter
Schroeder, J. (2017). Metrics and Measures. In: Advanced Persistent Training. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-2835-7_5
DOI: https://doi.org/10.1007/978-1-4842-2835-7_5
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-2834-0
Online ISBN: 978-1-4842-2835-7
eBook Packages: Professional and Applied Computing, Professional and Applied Computing (R0), Apress Access Books