Working with Security Awareness Proficiency Assessments
You can assign a Security Awareness Proficiency Assessment to your users to assess your users' understanding of security awareness. The results of your assessments will provide you with a breakdown of your organization's strengths and weaknesses. Use this information to create more targeted campaigns to better suit the needs of your users. Assess your users at least once a year to help fill any gaps in knowledge for individual users and increase the overall strength of your human firewall.
These questions were developed from four research studies. We've done both external and internal validations and have refined the questions based on those results. For more information on how these questions were created, please see our Security Awareness Proficiency Assessment Technical Document.
We recommend that you send out your first assessment after your first phishing test but before your first training campaign. This way, you can use the initial score as a baseline to see how your organization's strengths and weaknesses improve over time.
After your initial test, you should continue to assess your users at least yearly, but no more than twice a year. Testing users too soon after an assessment could interfere with results as it won't give your users enough time to learn from their new training assignments.
Assessments are assigned the same way you assign other training content in the console. To assign an assessment to your users, follow the steps below:
For the Beta version, you will not need to add the assessment from the ModStore. The assessment will be available in Store Purchases and visible in the Content drop-down menu of the Create New Training Campaign window. If you do not see an assessment, please contact your CSM. Please skip to step 4 of the following procedure.
- Add the assessment you'd like to use in the ModStore. To do this, go to the ModStore tab and use the Assessments link under Categories to filter out all other content.
- Click on the name of the assessment to view its details.
- Click Add to Account to add the assessment to the campaign.
- Navigate to Training > Training Campaigns and click + Create Campaign.
- From the Content drop-down, select the assessment you'd like to assign.
- Fill out all required fields for the campaign. For more information on how to create a new campaign, click here.
- Click Create Campaign.
Users will take assessments the same way they take any other kind of training assignment. It will appear in their list of assigned content and they will click Start to begin the assessment.
After they click Start, users have the option to click Start Assessment or Come Back Later. Once your user starts the assessment, they will not be able to stop in the middle of it and go back to it. It's important that the user has enough time to complete the assessment before starting it. If they don't have time to take the assessment right away, they can always click Come Back Later and take the assessment when they have more time to complete it.
If they click Start Assessment, the user will be asked 23 questions. These questions are pulled from a pool of 63 questions. This ensures each users' assessment is unique and that they won't be able to share answers with their coworkers, which would result in inaccurate reporting.
They will not be able to complete the assessment until they have answered all questions.
After they complete the assessment, they will be directed to a thank you page.
Working with Assessment Results
After your users have taken the assessments, the data is collected into two different charts. The information in these charts can be used to create more effective campaigns that target your organization's weaknesses.
To view your results, follow these steps:
- Navigate to Training > Training Campaigns.
- Click the name of the Campaign where the assessment was assigned.
- Click the name of the assessment that contains the results you want to review.
- Click the Assessments Results tab.
The first graph is a donut graph which shows the average assessment score for all of your users. Your second graph breaks down the average score by knowledge areas.
The seven knowledge areas are:
- Password Management
- Email Use
- Internet Use
- Social Media Use
- Mobile Devices
- Incident Reporting
- General Awareness
Use these key terms to search the ModStore for the type of content you should add to your next training campaign to improve upon your organization's weaknesses.