As technologies advance and your staff turns over, a security awareness program can become out-of-date much faster than you might expect. Continuous improvement should be built into the program to keep it current and relevant. Monitoring how your SAP is performing allows you to initiate upgrades and improvements for the SAP.
You will Map out a monitoring and evaluation plan for a fictitious SAP. Define what you would measure, how often you would measure, how you would apply the results, and how you would factor in and justify actual costs and opportunity costs (the costs of failure to act). Capturing and monitoring this data will allow you to report on your implementation progress with the SAP.
Write a 4- to 6-page paper, in APA format, that maps out a monitoring and evaluation plan for the fictitious security awareness program. Make sure that your plan includes the following:
• A tracking mechanism to monitor the relevant security topics, who has been trained, the frequency of the training, and how you will confirm that the training is ongoing
• An evaluation and feedback mechanism to gather data on how well the training is working; this information will also allow you to find gaps in the existing training that need to be closed; examples include status reports, interviews, and focus groups
• An identification and description of at least two security awareness metrics you would employ to track the progress of the SAP; for example, a “Computer Logged On” metric can be introduced to keep track of how many people leave their computers logged in when they are away from their desk
• An explanation of how you would deploy the metrics you selected; for instance, to accurately measure the effectiveness of a poster intended to discourage certain behavior, you might measure employee behavior both before and after these posters are placed throughout the office; periodic measurements can indicate if the posters are enough, or if additional awareness training is needed
Here is a break down of the 4 paragraph headings:
– The submission includes a tracking mechanism for each security awareness topic that effectively monitors the status of the SAP
Evaluation and Feedback Mechanism
-The submission includes a detailed explanation of the accuracy of the systems as well as how the biometrics are collected.
Security Awareness Metrics
– The submission identifies and explains in detail the use of two security awareness metrics important to the success of the plan.
– The submission includes an explanation of how the selected metrics would be deployed to accurately measure their effectiveness.