Operations Security
Effective metrics are the clearest way to assure compliance with policies.
Metrics can show how compliance is working. If you set a rule on a policy so that you can identify if it has been read, acknowledged, and accepted by signature, you have a metric on how many users have done so. If the policy is based on system access, a metric would be the number of employees who have accessed the system.
Answer the following question(s):
What kind of metrics would be useful that are based on testing knowledge after security awareness training? The metrics could be obtained immediately after training or at periodic intervals over several months.