Security Awareness Proficiency Assessment (SAPA)
You can assign a Security Awareness Proficiency Assessment to your users to assess your users' understanding of security awareness. The results of your assessments will provide a breakdown of your organization's strengths and weaknesses. Use this information to create more targeted campaigns to better suit the needs of your users.
The assessment questions were developed from four research studies. We've performed both external and internal validations and have refined the questions based on those results. For more information on how these questions were created, please see our Security Awareness Proficiency Assessment Technical Document.
Below, you'll learn about the Security Awareness Proficiency Assessment. For specific information about how to use assessments or what the Security Culture Survey (SCS) is, please see these articles on the Knowledge Base:
Use the jump links below to navigate to a specific section of the article.
We recommend assigning the first assessment after your first phishing test but before your first training campaign. This way, you can use the initial score as a baseline to see how your organization's strengths and weaknesses improve over time.
After your initial test, you should continue to assess your users at least yearly, but no more than twice a year. Testing users too soon after an assessment could interfere with results as it won't give your users enough time to learn from their new training assignments.
After they click Start, users have the option to click Start Assessment or Come Back Later. Once your user starts the assessment, they will not be able to stop in the middle of it and go back to it. It's important that the user has enough time to complete the assessment before starting it. If they don't have time to take the assessment right away, they can always click Come Back Later and take the assessment when they have more time to complete it.
If they click Start Assessment, the user will be asked 23 questions. These questions are pulled from a pool of 63 questions. This ensures each users' assessment is unique and that they won't be able to share answers with their coworkers, which would result in inaccurate reporting.
They will not be able to complete the assessment until they have answered all the questions.
To access the User Progress section, go to Training Campaigns under the Training tab. Click on the name of the campaign where the assessment was assigned. On the campaign overview, under the assessment name, click User Progress.
From the User Progress section, you can see all your users and their scores at a glance. This table shows you which users have started their assessment and those who haven't. You also have the option to download this information as a CSV file.
- Click the Download CSV button to download a CSV of the user data with their assessment scores.
- From the Score column, see your users' assessment score at a glance.
- Click the Actions drop-down menu to select which type of action to perform on the selected user or users. Options include:
Security Awareness Proficiency Assessment Results
On the Assessment Results tab, you will see your organization’s assessment average for all users. To navigate to your results, follow these instructions from the How to Use Assessments article. The first graph is a donut graph that shows the average assessment score for all of your users. Your second graph breaks down the average score by knowledge areas.
The seven knowledge areas are:
- Email Security
- Incident Reporting
- Internet Use
- Mobile Devices
- Passwords & Authentication
- Security Awareness
- Social Media Use
These knowledge areas are defined beneath the results. Click on a knowledge area to be directed to content in the ModStore that relates to that area. You can then use these suggestions to build your own custom campaigns to increase your users' knowledge of security awareness. If you have a Platinum or Diamond subscription, you can automatically enroll users into campaigns based on their assessment results using the Smart Group plan outlined in this article.