IT-Seal Logo Social Engineering Analysis Labs
Logo Europaflagge
+ 49 6151 493 8990

Die Zukunft der Informationssicherheit
liegt nun in ihren Händen. Endlich.

Making safety awareness measurable:
The Employee Security Index (ESI®)

Author: Anjuli Franz, 26 June 2018
Reading time: 3 minutes

Security is a quantity that is difficult to measure.
What are you safe from, under what conditions and to what degree? How well does the workforce master digital self-defence as a "human firewall"? IT security managers in particular face major challenges here, both in securing the company against cyber attacks and in making investment decisions. The return of investment can hardly be determined precisely, which makes it difficult to justify budget demands.

Benchmark based on academic research.
In the area of social engineering and phishing awareness, IT-Seal has developed a benchmark (patent pending). The benchmark defines which state is considered "safe". A company can now be assessed based on the behaviour of how its workforce encounters attacks. The reaction to social engineering attacks is measured and the results are then compared with the company defined as "safe". This concept creates transparency and comparability.


The Employee Security Index (ESI®) makes security measurable.
As part of our social engineering simulations, we have packed this concept into a key figure: the Employee Security Index (ESI®). The ESI® quickly and comprehensibly represents a measure of employee safety in the company. The company previously defined as "safe" reaches a value of 90 on the ESI® scale. Our client company can continuously analyze their security standard after defining an individual ESI goal. On the other hand, the ESI® can also be determined for subgroups. Who is more secure, sales or human resources, and how does management compare to accounting? This information is valuable when it comes to further targeted measures such as training.

IT security awareness: complexity in one number.
Phishing can range from easily recognizable mass emails to customized spear phishing. Therefore, the concrete calculation of the ESI is not only done by measuring and comparing click rates. In our Phishing Academy and Security Awareness Assessment we simulate attack scenarios of different levels of difficulty. The resulting click rates are evaluated differently in order to reflect the safety standard as accurately as possible. Change over time, group results and recommendations for action can all be presented by the ESI - and integrated in the clients' SOC (Security Operations Center) via our API. This makes the complex issue of human safety awareness measurable on a scale from 1 to 100. And communicable: Both the management and the employees are pleased about an achieved value of 87.

Next articleblog overview
Share:

Stay in contact:
Subscribe to our social media channels

We are looking forward to hearing from you

Was zeichnet uns aus:

Umfassende & standardisierte Analyse
Identifizierung & Quantifizierung 
der Sicherheitsprobleme
Made in Security Valley Darmstadt
Wissenschaftlich validiertes Konzept
IT-Seal Logo Phishing Audit
Portfolio
Phishing AcademySecurity Awareness AssessementSecurity Culture AuditPhone Phishing (Vishing) 
& Awareness MaterialFree phishing simulation (German)
Company
About usIT-Seal in 120 secondsF-BlogIT-Seal NewsContactPrivacy Policy (German)Legal Notice (German)
Hello Friend
About us

We help companies protect their most valuable assets – the employees – from current threats.

PHISHING Basics for employeesHow do I recognize phishing? What is Social Hacking? How do I protect myself?

Made with ♥ in Security Valley Darmstadt 
© 2017, IT-Seal GmbH. All Rights Reserved.