This article will take you through Employee Security IQ Scoring functionality. This functionality is enabled by default on the Reporting page and is updated every 24 hours (or through a manual refresh).
Table Of Contents
- 1. What Is A Security IQ Score?
- 2. How Are Security IQ Scores Used?
- 3. How Are Security IQ Scores Calculated And Categorised?
- Appendix A. Example Employee Security IQ Score & Calculation
1. What Is A Security IQ Score?
CanIPhish extract unique email addresses listed in employee lists and campaign statistics, we then attribute these email addresses to unique employees and investigate what training modules they've completed, the difficulty of completed modules, and how recently the modules were completed to understand the Security IQ Score of a given employee.
2. How Are Security IQ Scores Used?
CanIPhish use Security IQ Scores to assist with the intelligent assignment of training modules. We use the Security IQ Scores to understand the relative skill level of an employee, and accordingly attempt to assign training at that skill level. As an employee's Security IQ Score increases, so will the difficulty of the training they receive.
For example, an employee with an Advanced Level Security IQ, will be assigned training modules with an Advanced Skill Level.
Note: This depends on the available modules selected, and whether the employee has already completed the existing selection of Advanced training modules. If this is the case, then the employee will potentially be assigned Intermediate, and then finally Beginner training to avoid the reassignment of training recently completed.
3. How Are Security IQ Scores Calculated And Categorised?
Employees are assigned a Security IQ Score out of 100, with 0 representing those with a beginner skill level, and 100 represented those with an advanced skill level.
3.1. How Does The Security IQ Scoring Algorithm Work?
CanIPhish consider three metrics when calculating the Security IQ Score of a given employee:
- What training has the employee completed in the past 24 months.
- Trainings completed before this are considered too old to be materially useful to an employee's overall security awareness.
- What was the skill level (i.e. difficulty) of completed training assignments?
- Beginner Training: Receives 15 IQ Points
- Intermediate Training: Receives 20 IQ Points
- Advanced Training: Receives 25 IQ Points
- How recently was the training completed.
- Completed trainings receive less IQ Points for every month that passes between the current date, and the date that the training was completed. This is represented as a penalisation for every month that passes over a 24 month period. E.g. An intermediate training completed 3 months ago will receive 17.5 IQ Points (noting a 12.5% deduction from the available 20 IQ Points).
This calculation is to reinforence the need to conduct continuous and progressively more difficult training as an employee progresses through their security awareness training journey.
3.2 What Are The Security IQ Categories And Thresholds?
We bucket employees into three Security IQ categories based on the below thresholds:
- 0-39 Security IQ = Beginner Level
- 40-69 Security IQ = Intermediate Level
- 70-100 Security IQ = Advanced Level
Appendix A. Example Employee Security IQ Score & Calculation
John Doe joined Contoso Corp 18 months ago, and since joining he has completed 7 training modules. One training module has been assigned every 3 months and through use of intelligent training assignments, the difficulty has progressed as John's Security IQ has increased.
- 1st Training - Completed 18 Months Ago (75% deduction) - Beginner Skill Level: 3.75 IQ Points
- 2nd Training - Completed 15 Months Ago (62.5% deduction) - Beginner Skill Level: 5.6 IQ Points
- 3rd Training - Completed 12 Months Ago (50% deduction) - Beginner Skill Level: 7.5 IQ Points
- 4th Training - Completed 9 Months Ago (37.5% deduction) - Beginner Skill Level: 9.4 IQ Points
- 5th Training - Completed 6 Months Ago (25% deduction) - Intermediate Skill Level: 15 IQ Points
- 6th Training - Completed 3 Months Ago (12.5% deduction) - Intermediate Skill Level: 17.5 IQ Points
- 7th Training - Completed This Month (No deduction) - Intermediate Skill Level: 20 IQ Points
John's Security IQ as of today is at an Advanced Level (79/100).
Comments
0 comments
Please sign in to leave a comment.