Blind Spot: Do You Know the Effectiveness of Your Information Security Awareness-Raising Program?

Information and IT security awareness-raising measures and the evaluation of these measures are an indispensable part of today’s information and knowledge society. While the number of firms that apply such measures is increasing, surveys of corporations show that it is unusual for these measures to be accompanied by specific in-depth evaluations of their effectiveness. Since these awareness-raising measures demand resources such as time, money, and the willingness of employees, every organization should have an interest in assessing their effectiveness. To support organizations in discovering the evaluation methods and metrics that meet their individual needs, an overview of current measures for assessing effectiveness is presented in this paper. Their advantages, disadvantages, and appropriate application are discussed. At the end of the paper suggestions are given as to what direction might be taken going forward.