Assessing a training program

NIST Special Publication 800-16 recommends four ways to evaluate the effectiveness of a cybersecurity training program

The National Institute of Standards and Technology's Special Publication 800-16 recommends four ways to evaluate the effectiveness of a cybersecurity training program.

Level 1: End-of-Course Evaluations (Student Satisfaction). Those evaluations obtain instant feedback from students who use forms that rate the training facility, instructor and presentation method, among other factors.

Level 2: Behavior Objective Testing (Learning and Teaching Effectiveness). This level seeks to measure the degree to which a training activity transfers information to the student — for example, by administering tests before and after the training.

Level 3: Job Transfer Skills (Student Performance Effectiveness). An evaluator polls supervisors 30 days to 60 days after training to see whether employees are meeting the behavioral objectives of the program.

Level 4: Organizational Benefit (Training Program Effectiveness). This level seeks to quantify the value of the resulting security improvements in relation to the cost of the training.

About the Author

John Moore is a freelance writer based in Syracuse, N.Y.

Featured

  • Workforce
    coronavirus molecule (creativeneko/Shutterstock.com)

    OMB urges 'maximum telework flexibilities' for DC-area feds

    A Sunday evening memo ahead of a potentially chaotic commute urges agency heads to pivot to telework as much as possible.

  • Acquisition
    Shutterstock ID: 1993681 By Jurgen Ziewe

    Spinning up telework presents procurement challenges

    As concerns over the coronavirus outbreak drives more agencies towards expanding employee telework, federal acquisition contracts can help ease some of the pain.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.