"Improved employee understanding of appropriate behaviors and best
practices for enhanced information security reduces security risks and
helps ensure compliance with regulations such as Sarbanes-Oxley, HIPAA,
the Payment Card Industry Data Security Standards (PCI DSS) and others.
But merely providing security training is not enough. Organizations
need to know if training programs have been successful in changing
behavior.

In order to provide an effective security training program,
metrics must be set in place from the start. Measurements help
establish a baseline of individual and organizational competencies in
enterprise security. Additionally, metrics help identify gaps in
current training initiatives that should be remedied and improve the
methodology and/or content of training programs. Measuring training
effectiveness can also be useful in validating the competency of the
training entity itself."
Article Link: http://scmagazine.com/us/news/article/661966/using-industry-best-practices-effective-security-training