Track Compliance and Learn From Incidents
After completing this unit, you’ll be able to:
- Describe how security awareness specialists track compliance with training and awareness campaigns.
- Explain the importance of integrating an awareness program with incident response.
Whether you’re just starting out in your career or already have a few years of experience under your belt, you probably know that it’s helpful to track the progress of a program to understand whether it is achieving its objectives. Security awareness and training is not a one-time event; it’s an ongoing dynamic process that evolves as priorities shift, organizations change, employees are on-boarded or change roles, and new threats emerge.
Security awareness specialists track employee compliance by looking at training completion metrics. Training can be required once a quarter, annually, when an employee changes roles, or when a new employee joins the company. Security awareness specialists use these metrics and other key performance indicators (KPIs) to communicate the status of the risk profile of the organization and describe the performance of the awareness program to relevant stakeholders.
Reviewing program metrics can also help the organization identify residual or new risks. For example, the security awareness specialist can develop a phishing simulation in which fake phishing emails are sent to employees. The specialist can track how many people are clicking on phishing tests, and identify where more training is needed to educate users about how to identify phishing emails. The specialist can also track how many users recognize the email as phishing and follow procedures in reporting the email to the Security Operations Center (SOC). Users who click phishing simulation links can be prompted to retake awareness training. Repeat offenders can even have their privileges reviewed or changed.
Similarly, the security awareness specialist can track metrics on users who download malware, or frequently visit bad sites or otherwise violate policies and procedures, to target users who need particular help in understanding security protocols. This also helps identify trends in security risks that can be addressed through broader training. The specialist can also work with the organization's insider threat team to put in place additional monitoring for users who pose a higher risk to the organization, either because of their role or their past behavior. In this way, the security awareness specialist works across the organization to help measure and detect risks proactively and tailor awareness programs to help improve user behavior and strengthen security culture.
Security awareness specialists also have a role to play in incorporating feedback from incidents into training efforts to help the organization recover and improve its security posture. Tying awareness programs to real incidents can motivate a change in behavior and culture and teach people the importance of how their actions protect an organization. In addition, it pinpoints the risk areas and informs the way to build training and awareness content that is most relevant and timely.
While looking at your own incident data, it’s also important to benchmark your organization's breach and training data against data for other companies in your industry to identify opportunities to shift resources according to best practices and industry trends.
As you do the work to learn from your own organization’s incident information and look at other companies practices as well, it’s critical to identify and update policies, procedures, and associated metrics by working within cross-functional teams within your organization. These changes can then be incorporated into a broader company-wide security training and awareness campaign.
For more ideas on how to build, maintain, measure, and mature an awareness program, check out SANS training on the subject.
In this module, you've been introduced to several important considerations in planning, implementing, and measuring a security awareness program, and using that program to decrease incidents and create positive change in an organization’s security posture. You now can explain a little bit more about the role of a security awareness specialist, and understand if this role is the right one for you. Learn more about in-demand cybersecurity skills and meet practitioners in the cybersecurity field by visiting the Cybersecurity Learning Hub on Trailhead.