Abstract
The purpose of this paper is to present the effectiveness of training in developing employee awareness in the area of information security. Two kinds of primary research were carried out: surveys conducted among employees of various organizations, which compared the level of security awareness among people who had participated in information security training with that of people who had not; and a comparative analysis of the results of an audit of information security awareness conducted among employees of a large organization before and after information security training was delivered. The research results showed that training is significantly effective as a method not only of extending information security knowledge but also, and most importantly, of influencing the actual behaviors of employees in the studied area. Because the greatest gap in security measures involves the lack of employee awareness, and because training is an effective method of shaping that awareness, organizations should develop and implement an adequate training program that raises the level of employee awareness in terms of information security. It should be remembered that the program cannot be a one-off event but rather a cyclical one. While the importance of awareness in information security is well described in the subject literature, there is a shortage of publications that show a direct influence of training on employees’ level of knowledge and behaviors in terms of information security. This paper, in an interesting, dual way, points to an actual impact of training both on expanding knowledge and on behaviors in terms of information security.
Highlights
In the contemporary electronic knowledge-based economy, information has become a precious resource
According to Data Security Standard (PCI 2014), directing the provision of appropriate materials to appropriate recipients in a swift and effective way is the key to effective raising of information security awareness
Training is an effective method of shaping employee awareness in the area of information security
Summary
In the contemporary electronic knowledge-based economy, information has become a precious resource. According to Data Security Standard (PCI 2014), directing the provision of appropriate materials to appropriate recipients in a swift and effective way is the key to effective raising of information security awareness. According to the PCI Standard (2014), the effectiveness of training in raising awareness is determined by the level of engagement and, indirectly, by the size of the group of recipients taking part in it. Conducting security awareness training by way of many communication channels ensures that employees acquire and remember the presented information better. The existence of a relationship between knowledge and actual behaviors of employees in the sphere of information security and participation in data security training was verified by means of the χ² test of independence according to formula (1). Analysis of literature addressing: the essence of employees’ information security awareness and its levels; methods of shaping employees’ information security awareness; the importance of shaping awareness in the investigated area.