Measuring Security Awareness as a Metric

In the face of regular news reports of serious data breaches, and best practices outlining the need for security awareness programs, information security departments want to demonstrate the effectiveness of their security awareness programs. User awareness and training is often touted as providing the greatest return on investment in terms of security. Are simple questionnaires or quizzes administered periodically enough to measure effectiveness? Are they reliable? With the transient nature of students, are they accurate and comparable year to year? What other ways are there to measure security awareness? Hear what peers from other institutions are doing in a face-to-face panel discussion.