Information Security Training: An Assessment of Effectiveness

The increasing use of technology in the business sector has created the need for information security (IS) training. Training end-users on information security-related items assists in the reduction of information risks that organizations encounter in the conduct of business operations. Furthermore, the absence of end-user training in information security will inevitably subject an entity to increased vulnerabilities that can render organizational security technologies and/or measures inept (Chen, Shaw, & Yang, 2006; Siponen, Mahmood, & Pahnila, 2009). A security risk is the likelihood that an incident will occur, and organizations commit various resources to mitigate security risks and vulnerabilities (Fenz, Ekelhart, & Neubauer, 2011). However, organizational commitment of resources does not alleviate responsibilities to constantly develop, purchase, or modify systems that assist in reducing security risks. The first section of this article will identify instructions that contribute to improving advanced information security techniques. These various security techniques support organizational strategies that reduce information risks. Furthermore, this article will evaluate and compare knowledge-based systems used to reduce information risks. Lastly, the article will present a comparison of systems that are capable of managing information and subsequently provide ways to reduce information risks.

Improving Information Security Techniques

End-users are the weakest link regarding information security-related items (Spears & Barki, 2010). Contrary to the aforementioned belief, Chen et al. (2006) stated that humans are more important than the technology used to reduce risks associated with information security. Arguably, a c...

... middle of paper ...

...iciency. Region Formation & Development Studies(8), 167-176. Retrieved from http://journals.ku.lt/index.php/RFDS

Senft, S., Gallegos, F., & Davis, A. (2012). Information Technology Control and Audit (4th ed.). Boston, MA, USA: Auerbach Publishers, Incorporated.

Siponen, M., Mahmood, M. A., & Pahnila, S. (2009). Are employees putting your company at risk by not following information security policies? Communications of the ACM, 52(12), 145-147. doi:10.1145/1610252.1610289

Spears, J. L., & Barki, H. (2010). User participation in information systems security risk management. MIS Quarterly, 34(3), 503-A5. Retrieved from http://www.misq.org/

Wangwe, C. K., Eloff, M. M., & Venter, L. (2012). A sustainable information security framework for e-government – case of Tanzania. Technological & Economic Development of Economy, 18(1), 117-131. doi:10.3846/20294913.2012.661196
