LOGBOOK

HELP

Quiz Entry - updated: 2026.06.04

Why are different test measures used for awareness, training, and education?

Because each level targets a different cognitive depth: you verify recognition with true/false questions, skill with problem-solving, and understanding with essays.

The mapping:

  • Awareness → True/False, Multiple Choice — "identify learning": can the person recognize a phishing mail when shown one? Recognition is binary and testable at scale.
  • Training → Problem Solving — "apply learning": give a realistic scenario and check whether the person performs the right steps (e.g. correctly handles a suspicious attachment in a simulation).
  • Education → Essay — "interpret learning": can the person reason about trade-offs, justify a decision, transfer principles to a new situation?

Why this matters in practice: measuring with the wrong instrument produces false confidence. A 95% pass rate on a multiple-choice quiz after the annual e-learning proves recognition, not behavior — which is exactly the KPI trap ("Teilnahmequote sagt nichts über Verhaltensänderung"). If the goal is skill, the measurement must demand application: simulated phishing, not quiz scores.

From Quiz: ISM / The Human Factor — Security Awareness | Updated: Jun 04, 2026