10 Ways To Measure IT Security Program Effectiveness
The right metrics can make or break a security program (or a budget meeting).
March 16, 2015
Just how effective is all of that "soft" spending on security awareness training? Steve Santorelli of Team Cymru says there are ways to track and measure that, primarily through phishing and social engineering stress testing, where you test you staff for phishing awareness and social engineering awareness.
Basically, you run a fake phishing campaign and make a few hoax calls," says Santorelli, director of analysis and outreach for the research firm. "Reward and publicize good results, help failures to learn from their errors, and you'll have folks actively watching out for these attacks--for a few weeks at least."
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024