You can:
- put in place continuous cyber and information security awareness and education programs, for example, training for specific groups
- use a range of methods to assess whether people’s security behaviour is improving
- compare the maturity of security awareness and culture in your organisation against others across government to determine effective improvements