Tool introduces actionable, scalable method to assess organizational security culture

Infosec released one of the industry’s first cybersecurity culture assessment tools. The new Infosec IQ Cybersecurity Culture Survey introduces an actionable, scalable way to analyze and measure employee attitudes and perceptions towards security practices, policies and training strategies across five cultural domains.

“Few metrics offer better insight into the effectiveness of your security awareness training program than your cybersecurity culture,” said Jack Koziol, Infosec CEO and founder.

“However, it is also an extremely challenging metric to quantify and track over time. The new Infosec IQ Cybersecurity Culture Survey leverages the latest research into security culture assessment to help our clients show the impact of training beyond measurements like phishing click rates and training completion.” 

The Infosec IQ Cybersecurity Culture Survey collects employee feedback and scores organizations across these five domains: 

• Confidence: how employees classify their own ability to put their cybersecurity knowledge to practical use
• Responsibility: how employees perceive their role in organizational security
• Engagement: how willingly employees participate in an organization’s security awareness and training program and apply available resources and support to improve security behaviors
• Trust: how employees perceive the security posture and processes at their organization
• Outcomes: how employees perceive the consequences of a security incident at their organization

“Traditional security awareness and training success metrics like phishing clicks are important, but the majority of our clients are driving behavior change beyond just the inbox. They are looking to shift the way employees think and feel about cybersecurity,” said Koziol.

“Interactive Infosec IQ training resources like the Choose Your Own Adventure Security Awareness Games are designed to fundamentally change the way employees perceive security functions and learn how they personally contribute to keeping data secure. Cultural assessments are one way our clients can measure this perception shift over time.”

The Infosec IQ Cybersecurity Culture Survey helps security awareness managers evolve program goals and success metrics to align with recommendations from leading research firms like Forrester.

According to a Forrester report authored by analysts Jinan Budge and Claire O’Malley, “Cultural change takes time and results are difficult to measure.” One technique they recommend CISOs use is

“surveying the workforce to measure motivation, ability and triggers. This will allow you to quantify the strengths and weaknesses of an existing or potential SA&T [security awareness and training] program and gain insight into the current state of security culture.”¹

Infosec IQ program managers can administer the Cybersecurity Culture Survey as needed and use results to guide changes to cybersecurity policies, practices or training strategies.

The tool generates scores across all five domains and provides recommendations for strengthening cybersecurity culture and improving scores in each domain. Recommendations include training content and employee engagement features built within the Infosec IQ security awareness platform and suggestions for increasing the impact of security-related communications.

Infosec is the leading cybersecurity education company helping IT and security professionals advance their careers and empowering employees to be cyber-safe at work and home.