Assessing a training program

NIST Special Publication 800-16 recommends four ways to evaluate the effectiveness of a cybersecurity training program

The National Institute of Standards and Technology's Special Publication 800-16 recommends four ways to evaluate the effectiveness of a cybersecurity training program.

Level 1: End-of-Course Evaluations (Student Satisfaction). Those evaluations obtain instant feedback from students who use forms that rate the training facility, instructor and presentation method, among other factors.

Level 2: Behavior Objective Testing (Learning and Teaching Effectiveness). This level seeks to measure the degree to which a training activity transfers information to the student — for example, by administering tests before and after the training.

Level 3: Job Transfer Skills (Student Performance Effectiveness). An evaluator polls supervisors 30 days to 60 days after training to see whether employees are meeting the behavioral objectives of the program.

Level 4: Organizational Benefit (Training Program Effectiveness). This level seeks to quantify the value of the resulting security improvements in relation to the cost of the training.

About the Author

John Moore is a freelance writer based in Syracuse, N.Y.

Featured

  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

  • FCW Perspectives
    remote workers (elenabsl/Shutterstock.com)

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

Stay Connected