apiperCIS
commented
5 years ago Sub-Control Dependencies 17.1 Results of the skills gap analysis
Inputs 1) Skills gap topics (areas of weakness as determined by the skills gap analysis in Sub-Control 17.1) 2) Modules/topics covered in the organization's security awareness training
Operations 1) For each skills gap in Input 1, determine if that topic is adequately covered in the organization's security awareness training program (Input 2). Create a list of the topics that are adequately covered (M1) and a list of the topics that are not adequately covered (M2) including notes on what needs to be added to achieve adequate coverage of the topic.
Measures M1: List of skills gap topics that are adequately covered in the organization's security awareness training M2: List of skills gap topics that are not adequately covered in the organization's security awareness training M3: Count of skills gap topics that are adequately covered in the organization's security awareness program (count of M1) M4: Total count of skills gap topics (count of Input 1)
Metrics Ratio of skills gap topics that are adequately covered in the organization's security awareness training: M3 / M4
Deliver training to address the skills gap identified to positively impact workforce members' security behavior.
Measures
Metrics