Educause Security Discussion mailing list archives

Re: National Cyber Security Awareness Month Metrics?

From: Allison F Dolan <adolan () MIT EDU>
Date: Wed, 3 Nov 2010 11:51:48 -0400

Some 'pulse of the community' type measures we've used include

-- in a large meeting of financial/administrative officers, mixed in with their usual topics, were a couple 'show of 
hands' type questions on data security.  (The group was too large to actually count hands, but the number of raised 
hands was gratifying.)

-- as part of a vendor fair hosted by Procurement, there was an invitation to enter a drawing by filling in a short 
computer security questionnaire; the responses gave us a sense of what people knew and didn't know.

For institutions that have implemented Identity Finder's console version, there are reports that could be useful, 
especially if correlated when specific awareness messages have gone out.

There may be learnings from hospitals about what has worked re: awareness of practices like hand washing, and changing 
gloves etc.  Somehow they know when hand washing increases. (and computer security has some of the same characteristics 
of behaviors/practices that need to be done all the time, not just once, or in special circumstances.)

Allison F. Dolan
Protecting PII
Massachusetts Institute of Technology
77 Massachusetts Ave  NE49-3021
Cambridge MA 02139-4307         
Phone: (617) 252-1461
http://mit.edu/infoprotect



On Nov 3, 2010, at 10:55 AM, Kris Monroe wrote:

Hearing about a number of the campus success stories in regards to National Cyber Security Awareness Month (NCSAM) 
got me wondering about Awareness and Training Metrics, especially as I try to figure out how effective our efforts at 
Ithaca College were.
Also on the subject, a participant on the EDUCAUSE Live! webcast with Alan Paller asked “How do you measure Security 
awareness as a metric? Is there any metric?”
Lance Spitzner has also been blogging about security awareness metrics on the SANS blog starting with Security 
Awareness Metrics - Part I:
http://www.securingthehuman.org/blog/metrics-1/

Anyone have success stories on how and what they are tracking in order to measure the effectiveness of your NCSAM or 
security awareness efforts?

Regards,
-Kris
Stay Safe Online!
Visit ithaca.edu/ICinfosec for the latest cyber security tips.
--
Kris Monroe, CISSP, CISA
Information Security Officer
Ithaca College

email: kmonroe () ithaca edu
P: 607.274.1997

Attachment: smime.p7s
Description:

Current thread:

National Cyber Security Awareness Month Success Stories Ben Woelk (Nov 02)
- National Cyber Security Awareness Month Metrics? Kris Monroe (Nov 03)
  - Re: National Cyber Security Awareness Month Metrics? Allison F Dolan (Nov 03)