Security Awareness Training Data Is Great…But Wisdom Is Better

The amount of data tracked throughout every aspect of our lives is ever increasing, as are the opportunities to track even more data.  Whether as a customer, a contributor for your organization, an investor, or even a parent, there is an enormous framework to grow our knowledge and understand the impacts we impose on others and experience ourselves.  However, in cybersecurity awareness training (as in life) data alone is not the rationale that drives decisions, defines success or failure, interprets risk, and so forth.

The Data-Information-Knowledge-Wisdom (DIKW) hierarchy is not a new idea, but its relevance expands as our exposure to technology grows in breadth and depth. Many of you have likely seen a form of the DIKW pyramid (like the one pictured above), as it’s often used to explain the importance of meaningful data manipulation: Organized in meaningful ways, data becomes information. This information is used to educate stakeholders to become knowledgeable on a subject, which in turn leads to wisdom that supports the understanding of an environment and, ultimately, informed and intelligent decision-making.

In business environments, leaders often rely on their experience, business savvy, and gut instinct in lieu of complete information. But while intuition will always play a role in decision-making, business leaders should tap into the data that’s at their disposal, as it can help to reduce risk to customers, coworkers, and communities at large. Though there is an emphasis on data gathering, there is less emphasis on data transformation, which is leading to more “guesswork” than is necessary.

On the other hand, there is perhaps too much emphasis on gathering data for data’s sake without a recognition that not all metrics tell a valuable story. That’s why, within our Security Education Platform, we continually strive to give our customers access to actionable data and business intelligence tools that allow them to combine and organize that data in meaningful ways.

Reporting Tools That Help You Tell – and Shape – Your Organization’s Story

End-user understanding and performance specific to your organization will not be found within a preexisting report. 

It is necessary to assess the knowledge of end users, and how they will behave when they are exposed to potentially threatening scenarios. It is necessary to address end-user deficiencies.  And it is necessary to continuously evaluate progress to increase awareness and preparedness over time — for them and for you.

When considering how you will help prepare your end users to protect the integrity of your organization’s data, networks, and systems, be sure the evaluation of your approach includes a comprehensive look into reporting. If you want to measure ROI…compare results over time…course-correct based on progress…share reports with other stakeholders…and use your data in other meaningful ways, you have to ensure the tools you use gather meaningful data and allow you to organize it in ways that help you learn more about your organization’s risk and apply what you learn to mitigate that risk.

We recommend being able to fulfill the following knowledge capabilities (at minimum). The information fields we note alongside those capabilities are the types of business intelligence features you should seek from your security awareness and training tools: