10 Ways To Measure IT Security Program Effectiveness
The right metrics can make or break a security program (or a budget meeting).
Ericka Chickowski, Contributing Writer
March 16, 2015
10 Slides
Just how effective is all of that "soft" spending on security awareness training? Steve Santorelli of Team Cymru says there are ways to track and measure that, primarily through phishing and social engineering stress testing, where you test you staff for phishing awareness and social engineering awareness.
Basically, you run a fake phishing campaign and make a few hoax calls," says Santorelli, director of analysis and outreach for the research firm. "Reward and publicize good results, help failures to learn from their errors, and you'll have folks actively watching out for these attacks--for a few weeks at least."
About the Author
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
You May Also Like
More Insights