Which of the following is performed to determine a measure of success of a security awareness training program designed to prevent social engineering attacks?
Correct Answer: B
Internal assessment of the training program's effectiveness is the action that is performed to determine a measure of success of a security awareness training program designed to prevent social engineering attacks. A security awareness training program is a program that educates and trains the employees and users of an organization on the security policies, procedures, and best practices, and that aims to improve the security culture and behavior of the organization. A social engineering attack is an attack that exploits the human factors, such as the emotions, trust, or curiosity, of the employees and users, and that manipulates them to perform actions or disclose information that may compromise the security of the organization, such as clicking on a malicious link, opening an infected attachment, or providing credentials or sensitive data. Internal assessment of the training program's effectiveness is the action that involves measuring and evaluating the outcomes and impacts of the training program, and that compares them with the objectives and expectations of the training program. Internal assessment of the training program's effectiveness can help to determine a measure of success of a security awareness training program designed to prevent social engineering attacks, by providing indicators and metrics such as:
The level of knowledge and awareness of the employees and users on the security policies, procedures, and best practices, and on the social engineering threats, techniques, and countermeasures.
The level of compliance and adherence of the employees and users to the security policies, procedures, and best practices, and to the social engineering prevention and response guidelines.
The level of improvement and change of the security culture and behavior of the organization, and of the security posture and resilience of the organization.
The level of satisfaction and feedback of the employees and users on the training program, and on the security policies, procedures, and best practices.