Metrics give you the ability to track and measure the impact of your security awareness program. This can be used to improve your training, demonstrate return on investment, or compare your human risk to other organizations in your industry. All resources here are free, developed by the community for the community. Please send any feedback on how to improve these resources to email@example.com.
This spreadsheet identifies and documents different options for measuring your security awareness program. It includes metrics for both measuring impact (change in behavior) and for tracking compliance.
Measuring Human Risk - Survey
This twenty-five question survey will help you determine the human risk in your organization. Each question and its respective answers have different levels of risk associated with them. Depending on how your employees respond, you can add up the answers and determine a quantitative value of your human risk.
Phishing Assessments Planning Package
Phishing assessments are not only a simple and effective way to measure the impact of your awareness program, but a very powerful way to reinforce key training concepts. This package helps you step by step plan, build and implement a successful phishing assessment program, including several templates. This package was developed in partnership with various community members actively involved in establishing their own security awareness programs.