Measuring the Impact of E-Learning Platforms on Information Security Awareness.

Humans play a central role in information security. The behavior of workers at their workplace affects the confidentiality, integrity, and availability of sensitive corporate information. In addition, attackers exploit the “human factor” as a weak point with techniques such as phishing, malware, and social engineering. Exploiting the lack of awareness is often an easy task with minimal risk. To make employees aware of their important role, companies typically carry out security awareness campaigns. Our university created an e-Learning Platform (eLP) to support our awareness campaigns. In order to determine the success, the effectiveness and the impact of such an awareness campaign, suitable measurement methods are needed. A common approach to measure the success of eLPs is to run surveys and questionnaires with the learners. Since the manual evaluation of those surveys and questionnaires is a time-consuming task, we are researching how a possible automation can be achieved. Moreover, the effectiveness is often evaluated through quizzes or knowledge tests. Since knowledge by itself does not improve the behavior of people, the compliant-behavior has to be measured, too. We derived metrics for success and effectiveness but recognized that success can hardly be measured automatically. To reduce the manual effort we decided to only measure the effectiveness automatically. Therefore, we are measuring the behavior and determine if the security-compliance has increased.