Train the workforce on how to identify different forms of social engineering attacks, such as phishing, phone scams and impersonation calls.
Measures
c_i_j = # of properly identified tasks by employee j in round i
TQ_i_j = # of total tasks for employee j in round i
n = # of total employees randomly picked
m = # of rounds
alpha = damping factor (more recent rounds will have higher weight) < 1
Metrics/KEI
TP Quality = ( SUM over j: 1 to n ( (SUM over i:0 to m-1 ( (c_i_j / TQ_i_j) * alpha^i ) ) / (SUM over i:0 to m-1 (alpha^i ) ) ) ) / n
Related to each of these "training" pieces. Seems that this should inform v8.0.0 of the controls. What are the characteristics of a security awareness program? How well are employees doing year over year against those tests?
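The TP Quality metric above, worked through in Python as an added example (not part of the original page). It assumes round index 0 is the most recent round, so that alpha^i gives recent rounds more weight, and it rejects rounds with TQ = 0, which the page does not define; the employee names and scores are constructed.

```python
from typing import Dict, Sequence, Tuple

# One employee's history: (c, TQ) per round, index 0 = most recent round.
# Assumption: the page weights round i by alpha**i and says recent rounds weigh more.
Rounds = Sequence[Tuple[int, int]]


def employee_score(rounds: Rounds, alpha: float) -> float:
    """Damped average of c_i_j / TQ_i_j over rounds i = 0 .. m-1 for one employee j."""
    if not 0 < alpha < 1:
        raise ValueError("alpha must be in (0, 1)")
    if not rounds:
        raise ValueError("at least one round is required")
    weighted, weight_sum = 0.0, 0.0
    for i, (c, tq) in enumerate(rounds):
        if tq <= 0 or not 0 <= c <= tq:
            raise ValueError(f"round {i}: need TQ > 0 and 0 <= c <= TQ")
        w = alpha ** i
        weighted += (c / tq) * w
        weight_sum += w
    return weighted / weight_sum


def tp_quality(sample: Dict[str, Rounds], alpha: float) -> float:
    """Mean of the per-employee damped scores over the n sampled employees."""
    if not sample:
        raise ValueError("sample is empty")
    if len({len(r) for r in sample.values()}) != 1:
        raise ValueError("every employee needs the same number of rounds m")
    return sum(employee_score(r, alpha) for r in sample.values()) / len(sample)


# Constructed sample: n = 3 employees, m = 3 rounds, 4 tasks per round.
SAMPLE = {
    "emp-a": [(4, 4), (2, 4), (1, 4)],  # improving: best result is the latest
    "emp-b": [(1, 4), (2, 4), (4, 4)],  # declining: best result is the oldest
    "emp-c": [(3, 4), (3, 4), (3, 4)],  # steady
}

if __name__ == "__main__":
    for name, rounds in SAMPLE.items():
        print(name, round(employee_score(rounds, 0.5), 4))
    print("TP Quality:", round(tp_quality(SAMPLE, 0.5), 4))
```

emp-a and emp-b identify the same number of tasks overall (7 of 12), but the damping factor scores the improving employee higher than the declining one.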
Input 2: List of most recent completion date for this module of the security awareness training for each workforce member
Input 3: Required frequency of training (at least annually)
Operations
For each workforce member in Input 1, check Input 2 to see if that workforce member's most recent completion date of this training module was within the time frame specified by Input 3 (if the workforce member is not listed in Input 2, assume the workforce member is not compliant). Generate a list of compliant workforce members (M1) and a list of non-compliant workforce members (M2).
Measures
M1: List of workforce members who have completed this security awareness training module within the specified time frame (compliant list)
M2: List of workforce members who have not completed this security awareness training module within the specified time frame (non-compliant list)
M3: Number of workforce members in the compliant list (M1)
M4: Number of workforce members in the non-compliant list (M2)