Information Security Training: An Assessment of Effectiveness

The increasing use of technology in the business sector has created the need for information security (IS) training. Training end-users on information security topics helps reduce the information risks that organizations encounter in the course of business operations. Furthermore, the absence of end-user training in information security will inevitably expose an entity to increased vulnerabilities that can render its security technologies and measures ineffective (Chen, Shaw, & Yang, 2006; Siponen, Mahmood, & Pahnila, 2009). A security risk is the likelihood that an incident will occur, and organizations commit various resources to mitigate security risks and vulnerabilities (Fenz, Ekelhart, & Neubauer, …
This section identifies and discusses instructions centered on reducing information risks, which in turn support the enhancement of information security techniques. The instructions discussed are set forth by the international community and by governmental regulations.

International

The international community is directly and indirectly connected through information systems, and as such, instructions or frameworks are developed and kept under constant revision in an effort to improve information security techniques. The first framework discussed that assists in improving information security techniques is International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) standard 27002. This framework is an internationally accepted standard that provides instructions for entities to map their security protocols to regulatory and legal statutes (Wangwe, Eloff, & Venter, 2012). ISO/IEC 27002 provides an entity with guidelines and recommendations for implementing and strengthening security controls. ISO/IEC 27002 itself only provides recommendations; the mandatory requirements are set forth by ISO/IEC 27001, whose Annex A summarizes the controls for implementation, and ISO/IEC 27002 elaborates on that subset of controls. The recommended control measures of ISO/IEC 27002 cover topics such as information security policies, access control, asset management, business continuity, and information security incident management. The full list