Page 170 - CISSO_Prep_ Guide
When security awareness sessions have been completed, it is
good to review the effectiveness of the programs. Has the
message been understood? Did the session change the attitude
and behaviors of the staff? Was the core message clear and
unambiguous? This can be done through surveys at the end of
the session, but those may be of limited value. The most
important result of an awareness session is the effect the session
has on the attitude and behaviors of staff. Therefore, one of the
most important measures is whether the staff believes the
message and follows up with better security practices.
Sometimes just checking how many people went back to their
desks and changed their passwords after an awareness session
can be a good measure of the effectiveness of the message.
Summary of Human Resources Security
Hire the right people and train them! This can be accomplished
through a well-documented hiring process that checks
references, education, certification, and criminal history. Ensure
that the staff responsible for maintaining systems and devices
have been provided with suitable levels of training. Have a
termination procedure to ensure that access is revoked and
equipment is returned when an employee leaves the organization. More
importantly, ensure that corporate data is deleted from personal
systems and equipment.
Provide security awareness training and monitor the
effectiveness of the training.