An Overview of International Cyber-Security Awareness Raising and Educational Initiatives (2011)
4.1. Evaluation
The absence of campaign evaluations in the Cyber-Security education field should send a warning to any organisation considering conducting or supporting such campaigns. A large number of campaigns have been undertaken, subject to very limited evaluation or even discussion of their effectiveness.
This report recommends the establishment of an evaluation framework for Cyber-Security education and awareness campaigns in Australia. The best-practice approach to campaign evaluation may include the following:
- 1. Promotion of independent and expert oversight for campaigns;
- 2. The incorporation of an evaluation component into campaign budgets;
- 3. The use of multi-process evaluations where key performance indicators and metrics are in place before, during and after each campaign;
- 4. The integration of user-centred design evaluation techniques into all stages of the design process, to improve alignment with actual needs as a project develops;
- 5. The publication of campaign evaluations so that key lessons can be shared; and
- 6. The development and continuous refinement of design criteria for effective campaigns (refer to the following recommendation for further details).