Evaluating training effectiveness is a vital step to ensure that the training delivered is meaningful. Training is “meaningful” only when it meets the needs of both the student (employee) and the organization. If training content is incorrect, outdated, or inappropriate for the audience, the training will not meet student or organizational needs. If the delivery vehicle (e.g., classroom or computer-based training) is inappropriate, either in relation to the simplicity/complexity of the content or to the type of audience—or if there is an inadequate mix of vehicles in an agency’s overall training program—the training will not meet needs. Spending time and resources on training that does not achieve desired effects can reinforce, rather than dispel, the perception of security as an obstacle to productivity. Further, it can require the expenditure of far more resources in data or system recovery after a security incident occurs than would have been spent in prevention activities.

Awareness; Sicherheit; Verhalten; Lernen; Training; Evaluation; Effektivität ; ;

{nist800-16} 'Mark Wilson and Dorothea E. {de Zafra} and Sadie I. Pitcher and John D. Tressler and John B. Ippolito' (2003) : Information Technology Security Training Requirements: A Role- and Performance-Based Model

Meaningfulness, or effectiveness, requires measurement. Evaluating training effectiveness has four distinct but interrelated purposes -- to measure: *[ [The extent to which conditions were right for learning and the learner’s subjective satisfaction;] [What a given student has learned from a specific course or training event, i.e., learning effectiveness;] [A pattern of student outcomes following a specific course or training event; i.e., teaching effectiveness; and] [The value of the specific class or training event, compared to other options in the context of an agency’s overall IT security training program; i.e., program effectiveness.] ]*

Awareness; Sicherheit; Verhalten; Lernen; Training; Evaluation; Effektivität ; ;

{nist800-16} 'Mark Wilson and Dorothea E. {de Zafra} and Sadie I. Pitcher and John D. Tressler and John B. Ippolito' (2003) : Information Technology Security Training Requirements: A Role- and Performance-Based Model