Information Security Awareness Questionnaire
How many employees do you have?
For how many of your employees do you require Information Security awareness training?
What industry sector are your operations geared towards?
Rate the level of your digitalization:
0 digitalization (pen & paper)
somewhat digitalized (a few computers/Excel)
well digitalized (cloud/ops software, ERP, etc.)
Are the business processes formally described?
Rate the level of your Information Security Program:
0 (no official Information Security program)
1 – some policies, some basic proficiency
2 – policies, formal training
3 – policies, formal (enforced) training, scheduled testing, etc.
What behavior of your employees would you like to see changed as a result of training?
opening links and attachments
better and frequently changed passwords
use of MFA (Multi-Factor Authentication)
defending against social engineering
defending against phishing (smishing, vishing)
knowing how to deal with probable incidents
BYOD security awareness
public Wireless AP (access point) security awareness
securely handling and disposing of files/documents
physical access security measures (tailgating/piggybacking etc.)
How often would you prefer to have recurring Information Security awareness training sessions?
How often would you like to test your employees on Information Security training?