Educause Security Discussion mailing list archives
Re: National Cyber Security Awareness Month Metrics?
From: Allison F Dolan <adolan () MIT EDU>
Date: Wed, 3 Nov 2010 11:51:48 -0400
Some 'pulse of the community' type measures we've used include -- in a large meeting of financial/administrative officers, mixed in with their usual topics, were a couple 'show of hands' type questions on data security. (The group was too large to actually count hands, but the number of raised hands was gratifying.) -- as part of a vendor fair hosted by Procurement, there was an invitation to enter a drawing by filling in a short computer security questionnaire; the responses gave us a sense of what people knew and didn't know. For institutions that have implemented Identity Finder's console version, there are reports that could be useful, especially if correlated when specific awareness messages have gone out. There may be learnings from hospitals about what has worked re: awareness of practices like hand washing, and changing gloves etc. Somehow they know when hand washing increases. (and computer security has some of the same characteristics of behaviors/practices that need to be done all the time, not just once, or in special circumstances.) Allison F. Dolan Protecting PII Massachusetts Institute of Technology 77 Massachusetts Ave NE49-3021 Cambridge MA 02139-4307 Phone: (617) 252-1461 http://mit.edu/infoprotect On Nov 3, 2010, at 10:55 AM, Kris Monroe wrote:
Hearing about a number of the campus success stories in regards to National Cyber Security Awareness Month (NCSAM) got me wondering about Awareness and Training Metrics, especially as I try to figure out how effective our efforts at Ithaca College were. Also on the subject, a participant on the EDUCAUSE Live! webcast with Alan Paller asked “How do you measure Security awareness as a metric? Is there any metric?” Lance Spitzner has also been blogging about security awareness metrics on the SANS blog starting with Security Awareness Metrics - Part I: http://www.securingthehuman.org/blog/metrics-1/ Anyone have success stories on how and what they are tracking in order to measure the effectiveness of your NCSAM or security awareness efforts? Regards, -Kris Stay Safe Online! Visit ithaca.edu/ICinfosec for the latest cyber security tips. -- Kris Monroe, CISSP, CISA Information Security Officer Ithaca College email: kmonroe () ithaca edu P: 607.274.1997
Attachment:
smime.p7s
Description:
Current thread:
- National Cyber Security Awareness Month Success Stories Ben Woelk (Nov 02)
- National Cyber Security Awareness Month Metrics? Kris Monroe (Nov 03)
- Re: National Cyber Security Awareness Month Metrics? Allison F Dolan (Nov 03)
- National Cyber Security Awareness Month Metrics? Kris Monroe (Nov 03)