An Overview of International Cyber-Security Awareness Raising and Educational Initiatives (2011)

4.1. Evaluation

The absence of campaign evaluations in the Cyber-Security education field should send a warning to any organisation considering conducting or supporting such campaigns. A large number of campaigns have been undertaken, subject to very limited evaluation or even discussion of their effectiveness.

This report recommends the establishment of an evaluation framework for Cyber-Security education and awareness campaigns in Australia. The best-practice approach to campaign evaluation may include the following:

  • 1. Promotion of independent and expert oversight for campaigns;
  • 2. The incorporation of an evaluation component into campaign budgets;
  • 3. The use of multi-process evaluations where key performance indicators and metrics are in place before, during and after each campaign;
  • 4. The integration of user-centred design evaluation techniques into all stages of the design process, to improve alignment with actual needs as a project develops;
  • 5. The publication of campaign evaluations so that key lessons can be shared; and
  • 6. The development and continuous refinement of design criteria for effective campaigns (refer to the following recommendation for further details).