Assessing a training program
NIST Special Publication 800-16 recommends four ways to evaluate the effectiveness of a cybersecurity training program
- By John Moore
- Jan 22, 2010
The National Institute of Standards and Technology's Special Publication 800-16
recommends four ways to evaluate the effectiveness of a cybersecurity training program.
Level 1: End-of-Course Evaluations (Student Satisfaction). Those evaluations obtain instant feedback from students who use forms that rate the training facility, instructor and presentation method, among other factors.
Level 2: Behavior Objective Testing (Learning and Teaching Effectiveness). This level seeks to measure the degree to which a training activity transfers information to the student — for example, by administering tests before and after the training.
Level 3: Job Transfer Skills (Student Performance Effectiveness). An evaluator polls supervisors 30 days to 60 days after training to see whether employees are meeting the behavioral objectives of the program.
Level 4: Organizational Benefit (Training Program Effectiveness). This level seeks to quantify the value of the resulting security improvements in relation to the cost of the training.
John Moore is a freelance writer based in Syracuse, N.Y.