#5 Provide immediate feedback when possible

[Martin Ruskov]

Ideally users will be provided with immediate positive feedback when they do a correct action. However, security compliance is a complex topic and it is rarely possible to say what is a good and what is a bad decision. That's why we simulate the activity to allow people to explore the causes and effects. Still, whenever possible direct feedback needs to be provided (e.g. as a pop-up thumbs up icon or something similar). Such actions are e.g. when a user provides a comment to an intervention.