Problem solve Get help with specific problems with your technologies, process and projects.

The outsourcing and ROI of security awareness training

Having security policies are great, but it doesn't help if the employees are not aware of them. To properly enforce...

these policies, the company should provide security awareness training.

Can you please tell me who in the company decides to invest in outsourced employee security awareness training? Is it the CIO, CSO, HR Manager or the CEO? Do they expect a measurable return on investment?

I agree with your opening statement that security awareness training is needed. Within the Government Agency that I support, such training is mandated on an annual basis for all employees and contractors.

As for who invests, the answer would be whomever controls the security budget. In many cases executives are looking for a measurable ROI for all security expenditures. I personally think that is the wrong approach. Security expenses should be looked at more so as an insurance policy: What are the potential losses that are avoided by spending money on security? Awareness training is just another valid expenditure in that area.

For more information on this topic, visit these other SearchSecurity.com resources:
  • News & Analysis: Quantifying security ROI hefty challenge for IT
  • News & Analysis: Measuring security ROI a tall order
  • Best Web Links: Budgeting for security
  • News & Analyis: Security on the cheap

  • This was last published in March 2003

    Dig Deeper on Security Awareness Training and Internal Threats-Information

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.