Open adammontville opened 5 years ago
Inputs 1) Date the organization's security awareness program was last updated 2) Maximum time allowed between updates to the organization's security awareness program
Operations 1) Verify that the maximum time allowed between updates to the security awareness program (Input 2) is one year or less and set M1 accordingly. 2) Check the date that the security awareness program was last updated (Input 1) to make sure that it occurred within the required time frame (Input 2) and set M2 accordingly.
Measures M1: boolean value; 1 if maximum time allowed between security awareness program updates is one year or less, 0 if greater than one year M2: boolean value; 1 if the last update to the security awareness program was within the required time frame, 0 otherwise
Metrics Security awareness program was last updated within acceptable time frame: M1 and M2
Ensure that the organization's security awareness program is updated frequently (at least annually) to address new technologies, threats, standards and business requirements.
Measures
Metrics/KEI
How is this technically measurable at all?