Page 8 - Cyber-Security-Awareness-Program _Methodology_eBook_InfoSight
If organizations take strategic measures to create a training program like that of InfoSight’s Cyber Security Awareness Program - and not just throw together a few PowerPoint slides to check training off the “to-do” list - it will better prepare students to help secure corporate systems as well as demonstrate to stakeholders and examiners that your organization is serious about awareness training.

InfoSight also provides a spreadsheet to assist you in measuring the effectiveness of your program. The spreadsheet contains a timeline of activities to help you measure the program’s impact on your workforce. It can be used to measure your program’s value, including contributions made toward reducing costs and risks.

Testing helps determine how well your “students” have retained the information being taught and to ensure they have a basic understanding of information security. Testing can be performed in a number of ways.

Pre-Testing and Post-Testing
According to an EMA survey, 62 percent consider the completion of training in itself a measurement of training and 55 percent measure its effectiveness by conducting testing upon completion. InfoSight’s method of measuring training far exceeds traditional standards. We encourage our customers to survey or test students before implementing the program to determine their baseline of knowledge regarding information security, including the concepts of confidentiality, integrity and availability of sensitive data. Students are surveyed again upon completion of the first 12 months of the program to gauge their resilience towards spear phishing, malware, and drive-by attacks and thus gauge the effectiveness of the Cyber Security Awareness Program. Pre-and-post testing can be accomplished using InfoSight’s pre-and-post-program tests/surveys/questionnaires.

Social Engineering Testing
Additionally, InfoSight recommends performing social
engineering testing on students throughout the
program. In the social engineering assessments, certain
students are pre-selected. Simulated phishing attacks
are sent via email and phone calls are placed in an
attempt to manipulate the student into divulging
information that can be used to gain access to more
information or assets. InfoSight reports the findings of the
social engineering assessments to the customer.
Cyber Security Awareness Program™, InfoSight Inc.