Security Awareness Training includes a Risk Assessment survey you can distribute to your users to see how they feel about online security and safety. Based on the results, you can make decisions on how to best address areas with the highest risk.
Some organizations choose to distribute the Risk Assessment survey when they first start using Security Awareness Training to get baseline values for their organization. Then, they will distribute it again periodically to small groups, to see how their organization's risk profile has changed.
For instructions on creating your own Survey, see Creating a Risk Analysis Survey.
The Survey
The survey is called Risk Assessment Survey - 25, and you can access it from the Training Content or Content Center.
It contains a series of questions, asking the user about their feelings on a variety of online security questions, based on their own thoughts and experiences.
Here are some of the questions included:
The information technology department is solely responsible for protecting our critical data and information systems.
- Strongly agree
- Agree
- Neither agree nor disagree
- Disagree
- Strongly disagree
Do you copy files or data from the office to your home computer?
- Yes
- No
Which item is NOT considered Personally Identifiable Information?
- Social Security Number
- Birth Date
- Employee Badge Number
- Driver's License Number
The Results
The results help you to weigh the impact and likelihood for risks based on various factors.
Locate the survey results under Education > Risk Analysis.
You can view results based on:
- Section
- Element Groups
- Elements
- Questions
- Respondent
- Scores
- Detail
- Comments
If you do not see one of these fields, perform the following steps:
- On the main Risk Analysis page, select the Details tab.
- In the upper right corner of the results section, click the pencil icon.
- In the Available Fields list on the left side of the page, locate the field you want to include. Move it to the Column List on the right side.
- Click Save.
You can then tailor your training materials to the results. For example, if you see that there are more problems with awareness than with procedures, you can start the training focus on awareness.
As with other results data, you can export data and create Custom Reports.