
Making security awareness measurable:
The Employee Security Index (ESI®)

Author: Anjuli Franz, 26 June 2018
Reading time: 3 minutes

Security is a quantity that is difficult to measure.
What are you safe from, under what conditions and to what degree? How well does the workforce master digital self-defence as a "human firewall"? IT security managers in particular face major challenges here, both in securing the company against cyber attacks and in making investment decisions. The return on investment can hardly be determined precisely, which makes it difficult to justify budget requests.

Benchmark based on academic research.
In the area of social engineering and phishing awareness, IT-Seal has developed a benchmark (patent pending). The benchmark defines which state is considered "safe". A company can now be assessed by how its workforce reacts when it encounters attacks. The reaction to social engineering attacks is measured and the results are then compared with the company defined as "safe". This concept creates transparency and comparability.


The Employee Security Index (ESI®) makes security measurable.
As part of our social engineering simulations, we have packed this concept into a key figure: the Employee Security Index (ESI®). The ESI® is a quick, easily understood measure of employee security in the company. The company previously defined as "safe" reaches a value of 90 on the ESI® scale. After defining an individual ESI® goal, our client company can continuously analyze its security standard. The ESI® can also be determined for subgroups. Who is more secure, sales or human resources, and how does management compare to accounting? This information is valuable when it comes to further targeted measures such as training.

IT security awareness: complexity in one number.
Phishing can range from easily recognizable mass emails to customized spear phishing. Therefore, the concrete calculation of the ESI® is not only done by measuring and comparing click rates. In our Phishing Academy and Security Awareness Assessment we simulate attack scenarios of different levels of difficulty. The resulting click rates are evaluated differently in order to reflect the security standard as accurately as possible. Change over time, group results and recommendations for action can all be presented by the ESI® - and integrated into the client's SOC (Security Operations Center) via our API. This makes the complex issue of human security awareness measurable on a scale from 1 to 100. And communicable: both the management and the employees are pleased to achieve a value of 87.
