Security Awareness Blog

Security Awareness Metrics - Measuring Human Risk

Folks, I am very excited to announce Securing The Human has a new section dedicated just to security awareness metrics. Measuring peoples' awareness and risk is one of the biggest challenges in our field, and we hope these free resources can help your program grow. As always, these free resources are by the community for the community so we would love your feedback on how to improve these. Two key resources include the following:

  1. Metrics Matrix: When people think security awareness metrics the first thing they often think of is phishing assessments. While a powerful tool, this only measures a tiny portion of human risk, we need more tools. The Security Awareness Metrics Matrix is a spreadsheet that identifies and documents different options for measuring your security awareness program. It includes metrics for both measuring impact (change in behavior) and for tracking compliance.
  2. Human Risk Survey: This twenty-five question survey will help you determine the human risk in your organization. Each question and its respective answers have different levels of risk associated with them. Depending on how your employees respond, you can add up the answers and determine a quantitative value of your human risk.

Send any suggestions or feedback to community@securingthehuman.org.