A study of information security awareness program effectiveness in predicting end-user security behavior

Abstract

As accessibility to data increases, so does the need to increase security. For organizations of all sizes, information security (IS) has become paramount due to the increased use of the Internet. Corporate data are transmitted ubiquitously over wireless networks and have increased exponentially with cloud computing and growing end-user demand. Both technological and human strategies must be employed in the development of an information security awareness (ISA) program. By creating a positive culture that promotes desired security behavior through appropriate technology, security policies, and an understanding of human motivations, ISA programs have been the norm for organizational end-user risk mitigation for a number of years (Peltier, 2013; Tsohou, Karyda, Kokolakis, & Kiountouzis, 2015; Vroom & Solms, 2004). By studying the human factors that increase security risks, more effective security frameworks can be implemented. This study focused on testing the effectiveness of ISA programs on enduser security behavior. The study included the responses of 99/400 employees at a mid-size corporation. The theory of planned behavior was used as model to measure the results of the tool. Unfortunately, while data collected indicated that ISA does cause change in security behavior, the data also showed no significance. Thus, we fail to reject the null hypothesis

    Similar works