Ask the Expert

The outsourcing and ROI of security awareness training

Having security policies are great, but it doesn't help if the employees are not aware of them. To properly enforce these policies, the company should provide security awareness training.

Can you please tell me who in the company decides to invest in outsourced employee security awareness training? Is it the CIO, CSO, HR Manager or the CEO? Do they expect a measurable return on investment?

    Requires Free Membership to View

I agree with your opening statement that security awareness training is needed. Within the Government Agency that I support, such training is mandated on an annual basis for all employees and contractors.

As for who invests, the answer would be whomever controls the security budget. In many cases executives are looking for a measurable ROI for all security expenditures. I personally think that is the wrong approach. Security expenses should be looked at more so as an insurance policy: What are the potential losses that are avoided by spending money on security? Awareness training is just another valid expenditure in that area.

For more information on this topic, visit these other resources:
  • News & Analysis: Quantifying security ROI hefty challenge for IT
  • News & Analysis: Measuring security ROI a tall order
  • Best Web Links: Budgeting for security
  • News & Analyis: Security on the cheap

    This was first published in March 2003

  • There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: