adammontville / cis-controls-71-measures


Subcontrol 17.3 #154

Open adammontville opened 5 years ago

adammontville commented 5 years ago

Create a security awareness program for all workforce members to complete on a regular basis to ensure they understand and exhibit the necessary behaviors and skills to help ensure the security of the organization. The organization's security awareness program should be communicated in a continuous and engaging manner.

Measures

None provided

Metrics

None provided
wmunyan commented 5 years ago

- Amount of time between employee onboarding and initial security awareness training
- Frequency of training on security awareness program
- Frequency of assessment on security awareness program
- Trending of assessment score over time

apiperCIS commented 5 years ago

Inputs

1. List of workforce members
2. List of most recent security awareness training completion dates for each workforce member
3. Required frequency of training (at least annually)

Operations

1. For each workforce member in Input 1, check Input 2 to see if that workforce member's most recent security awareness training completion date was within the time frame specified by Input 3 (if the workforce member is not listed in Input 2, assume the workforce member is not compliant). Generate a list of compliant workforce members (M1) and a list of non-compliant workforce members (M2).

Measures

- M1: List of workforce members who have completed the security awareness training within the specified time frame (compliant list)
- M2: List of workforce members who have not completed the security awareness training within the specified time frame (non-compliant list)
- M3: Number of workforce members in the compliant list (M1)
- M4: Number of workforce members in the non-compliant list (M2)
- M5: Total number of workforce members in Input 1

Metrics

- Coverage: M3 / M5

Note: A more advanced measure would involve comparing assessment scores over time to measure the effectiveness of the training program.
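A worked implementation of the Inputs, Operations, Measures and Metrics described in the comment above, added here as an example; it is not part of the issue thread or of any CIS project code. The function and field names, the sample roster and the completion dates are constructed for illustration. Input 3 is expressed as a maximum number of days since the last completion (365 for "at least annually"), and a member missing from Input 2 is treated as non-compliant, as the comment specifies.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class AwarenessTrainingResult:
    """Measures M1..M5 and the Coverage metric for Subcontrol 17.3."""
    compliant: list            # M1: members trained within the time frame
    non_compliant: list        # M2: members not trained within the time frame
    compliant_count: int       # M3: len(M1)
    non_compliant_count: int   # M4: len(M2)
    total: int                 # M5: size of Input 1
    coverage: float            # M3 / M5 (0.0 when the roster is empty)


def assess_awareness_training(workforce, completions, as_of,
                              max_days_since_training=365):
    """Apply Operation 1 to the three inputs.

    workforce   -- Input 1: iterable of workforce member identifiers
    completions -- Input 2: dict mapping member -> date of most recent completion
    as_of       -- the date on which the measurement is taken
    max_days_since_training -- Input 3: required frequency, in days
    """
    cutoff = as_of - timedelta(days=max_days_since_training)
    compliant, non_compliant = [], []
    for member in workforce:
        completed = completions.get(member)
        # Missing from Input 2, or completed before the cutoff -> non-compliant.
        if completed is not None and cutoff <= completed <= as_of:
            compliant.append(member)
        else:
            non_compliant.append(member)
    total = len(compliant) + len(non_compliant)
    coverage = len(compliant) / total if total else 0.0
    return AwarenessTrainingResult(
        compliant=compliant,
        non_compliant=non_compliant,
        compliant_count=len(compliant),
        non_compliant_count=len(non_compliant),
        total=total,
        coverage=coverage,
    )


# Constructed sample inputs (hypothetical roster and dates, not real data).
SAMPLE_WORKFORCE = ["alice", "bob", "carol", "dave"]
SAMPLE_COMPLETIONS = {
    "alice": date(2024, 3, 1),    # within the last year
    "bob": date(2022, 11, 15),    # stale: more than a year old
    "carol": date(2024, 1, 2),    # within the last year
    # "dave" has no record in Input 2 -> assumed non-compliant
}
SAMPLE_AS_OF = date(2024, 6, 1)


def sample_result():
    return assess_awareness_training(SAMPLE_WORKFORCE, SAMPLE_COMPLETIONS,
                                     SAMPLE_AS_OF)


if __name__ == "__main__":
    r = sample_result()
    print("M1 compliant:", r.compliant)
    print("M2 non-compliant:", r.non_compliant)
    print(f"Coverage (M3/M5): {r.compliant_count}/{r.total} = {r.coverage:.2f}")
```

Completion dates later than the measurement date are also counted as non-compliant, since they indicate a data-entry error in Input 2 rather than a valid completion; the empty-roster case returns a coverage of 0.0 instead of dividing by zero.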