Organizational assessments can help you evaluate your organization’s current security awareness knowledge and security culture. Organizational assessments are not used for training purposes. Instead, they are used to help you gain insight into the strengths and weaknesses of your organization.
We offer two different assessments, the Security Awareness Proficiency Assessment (SAPA) and our Security Culture Survey (SCS), powered by CLTRe. You can assign these assessments to your users through your KSAT console. Results from both the SAPA and SCS can help you make a positive change in your organization. You can also use these assessments to measure your organization's progress over time and compare your organization’s scores to those of others in your industry.
SAPA results help you fine-tune your training program to address potential gaps in your organization’s security awareness. For more information on SAPA results, see the How to Use SAPA Results section of this article.
SCS results help you gain a better understanding of your organization’s security culture. For more information on SCS results, see the How to Use SCS Results section of this article.
How To Use SAPA Results
SAPA is an organizational assessment used to gain insight into the strengths and weaknesses of your organization’s security awareness knowledge. While SAPA is an essential part of building your training program, it is not intended to be used as training. SAPA helps you to assess your organization’s training efforts over time.
To protect the integrity of the assessment, SAPA results do not include a key of individual questions and their correct answers. A public question bank or shared answers between coworkers could skew assessment results and compromise the assessment’s accuracy. Instead, SAPA results display the general knowledge areas where your organization could improve. The results also provide a list of recommended training content to help strengthen each knowledge area. You can use this information to create targeted phishing and training campaigns. When you assign multiple assessments over time, you can compare the results of each SAPA and track your organization’s security awareness progress.
For more information about assigning the SAPA organizational assessment, see our Security Awareness Proficiency Assessment (SAPA) article.
How To Use SCS Results
The SCS is an organizational assessment used to gain insight into your organization’s security culture. While the SCS complements your training program and can help measure its overall impact on the culture of your organization, SCS is not intended to be used as training.
SCS results provide an overall security culture score for your organization as well as score breakdowns across seven security culture dimensions. You can use this information to establish a baseline for your security culture and determine the changes you need to make with your organization. You can also use SCS results to measure how your security culture evolves over time.
For more information about assigning the SCS organizational assessment, see our Security Culture Survey (SCS) article.