Haney, J.
, Jacobs, J.
and Furman, S.
(2023),
Compliance or Impact? Insights into How U.S. Government Organizations Determine the Effectiveness of Security Awareness Programs, No official proceedings. Published at https://www.theimpactconference.com/, London, GB, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=935984
(Accessed October 10, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Compliance or Impact? Insights into How U.S. Government Organizations Determine the Effectiveness of Security Awareness Programs
Published
Author(s)
, ,
Abstract
The goal of security awareness programs is to positively influence employee security behaviors. However, organizations in compliance-focused sectors may struggle to determine program effectiveness, often relying on training completion rates rather than measuring actual impact. In this presentation, we will describe the results of a multi-phased research study that, in part, sought to discover approaches and challenges to measuring security awareness program effectiveness within the U.S. government. Our results can aid security awareness professionals in developing impact-based measures of effectiveness and inform developers of security awareness guidance and other initiatives that can aid organizations inside and outside the government.Proceedings Title
No official proceedings. Published at https://www.theimpactconference.com/
Conference Dates
March 2, 2023
Conference Location
London, GB
Conference Title
Impact 2023
Pub Type
Conferences
Download Paper
Keywords
cybersecurity, awareness, training, measures of effectiveness
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created March 2, 2023, Updated March 24, 2023