Training in shaping employee information security awareness
The purpose of this paper is to present the effectiveness of training in developing employee awareness of information security. Two kinds of primary research were carried out: surveys conducted among employees of various organizations, which compared the level of security awareness among people who had participated in information security training with that of people who had not; and a comparative analysis of the results of an audit of information security awareness conducted among employees of a large organization before and after information security training was delivered. The research results showed that training is significantly effective as a method not only of extending information security knowledge but also, and most importantly, of influencing the actual behaviors of employees in the studied area. Because the greatest gap in security measures is the lack of employee awareness, and because training is an effective method of shaping that awareness, organizations should develop and implement an adequate training program that raises the level of employee awareness of information security. It should be remembered that the program cannot be a one-off event but rather a cyclical one. While the importance of awareness in information security is well described in the subject literature, there is a shortage of publications that show a direct influence of training on employees’ level of knowledge and behaviors in terms of information security. This paper, in an interesting, dual way, points to an actual impact of training both on expanding knowledge and on behaviors in terms of information security.
information security, employee training, information security awareness (ISA)
M12, M15, M53
This is an open access issue and all published articles are licensed under a Creative Commons Attribution 4.0 International License.