Security Awareness Blog: Category - Security Awareness Metrics

Security Awareness - Is 95% Good Enough?

Last week on the infamous podcast series Pauldotcom I was fortunate enough to join an amazing group of security professionals to discuss whether security awareness is worth the time and effort. If you have not listened to Pauldotcom before, definitely try them out. No political correctness there; people definitely speak their minds. The podcast included … Continue reading Security Awareness - Is 95% Good Enough?


Security Awareness Roadmap - DRAFT

Several weeks ago I posted about the Security Awareness Maturity Model. This consensus project was driven by a need for organizations to be able to easily identify how mature their awareness program was, and where they needed to take it. Over twenty organizations helped develop the maturity model. Now we have taken the … Continue reading Security Awareness Roadmap - DRAFT


Establishing Phishing Assessment Programs

In the past I've posted about the tremendous value of phishing assessments, both as a tool to measure the impact of your awareness program and as a tool to reinforce key behaviors. While sending out a single phishing email is relatively simple, establishing a long-term phishing assessment program is difficult; it takes a great deal … Continue reading Establishing Phishing Assessment Programs


Security Awareness Maturity Model - Metrics

In this series of posts we have been discussing the different maturity levels of security awareness training. We started by discussing the first two levels: having no awareness program, and having a compliance-focused awareness program designed to meet only the minimal requirements. Then we covered promoting awareness and change, and long-term sustainment. Today we … Continue reading Security Awareness Maturity Model - Metrics


Security Awareness Maturity Model

One of the biggest challenges I feel we face in security awareness is its lack of maturity. Many fields within information security have developed and matured over the years with entire frameworks built around them, fields such as penetration testing, system hardening, secure software development and digital forensics. However, we have no framework or maturity … Continue reading Security Awareness Maturity Model