Measuring The Effectiveness of Information Security & Privacy Awareness & Training

I’m a longtime advocate of creating a wide range of metrics to determine the effectiveness of the various components of information security, privacy and compliance programs.


In fact, my Protecting Information quarterly newsletter, the accompanying Awareness Advisor tutorial type publication, and my Security Search #1 interactive educational tool have many metrics that I’ve built into them, and that I provide within the packages for organizations to use to maintain their own awareness and training effectiveness metrics. Organizations that have gotten them find them VERY useful. My mathematics degree is being put to use! 🙂
So I was quite interested when Ray Kaplan recently sent me the following information:

“I am on the program committee for the upcoming MiniMetricon workshop just prior to the RSA Conference (http://www.securitymetrics.org). It is an invitation only event that has filled up – 60 people signed up.
One of my duties is to be a session moderator for three talks in the Hard Data section of the workshop. My presenters will be presenting hard numbers from the metrics work that they have been doing.
One of my presenters is a team of Steve Kruse and Bill Pankey. They are presenting their work on their project to gather data on metrics for awareness and training. They are collecting data from a nice, and very comprehensive survey that they put together.
The TinyURL for it is: http://tinyurl.com/djdnlo
They are going to publish their results publicly as soon as they collect some more data. They already have enough to come to MiniMetricon and talk about what they are doing, but could stand a lot more. The more respondents, the merrier.”

I encourage you to participate and provide some real numbers to add to these metrics and make them more meaningful! I really look forward to seeing the results of this survey/experiment; the more data collected, the more valuable the findings.

Tags: , , , , , , , , ,

Leave a Reply