Measuring Security Awareness Program Results

Measuring Security Awareness Program Results

Metrics give you the ability to track and measure the impact of your security awareness program. This can be used to improve your training, demonstrate return on investment, or compare your human risk to other organizations in your industry. These resources are developed for the community and unless otherwise stated are distributed under the Creative Commons BY-NC-SA 4.0 license. Please send any feedback on how to improve these resources to

Metrics Matrix

This spreadsheet identifies and documents different options for measuring your security awareness program. It includes metrics for both measuring impact (change in behavior) and for tracking compliance.

Human Metrics: Measuring Behavior

Security awareness is nothing more than another control designed to reduce risk, specifically human risk. This presentation will cover the different ways organizations are effectively measuring human risk, which methods are proving to be the most successful, and steps you can take to have successful metrics for your awareness program.

Effective Phishing of Employees

One of the most effective ways to address phishing attacks is to train and measure employees through phishing assessments. This presentation covers step-by-step how to build, maintain and measure an effective long-term phishing assessment program for your organization.