Measuring the Effectiveness of Security Awareness Programs


Security awareness is a core component of an information security program. Many information security professionals struggle, however, with delivering security awareness messages and measuring their effectiveness. This research bulletin discusses ways in which information security teams might improve and mature their security awareness activities by implementing an effective metrics program. It examines the results of a community survey and provides guidance on developing the types of security awareness activities that not only educate customers about the top information security issues on campus but also provide information security program managers with the opportunity to quantitatively measure the value of their efforts.

Citation for this Work: McElroy, Lori, and Eric Weakland. “Measuring the Effectiveness of Security Awareness Programs” (Research Bulletin). Louisville, CO: EDUCAUSE Center for Analysis and Research, December 10, 2013, available from

