by Daniel J. Solove
A recent article in CIO explores the question: Is data security awareness training effective?
The answer: Yes.
The article points to an ISACA study that seeks to measure the effectiveness of data security awareness training. The study concludes: “Security awareness training is a vital nontechnical component to information security. As such, it is in the interest of the public and private sectors to continue to research this component that directly impacts security’s weakest link: humans.”
The study notes that “Respondents from a recent Enterprise Strategy Group survey stated that training users on confidential data security policies was the most important measure for protecting proprietary information.”
The CIO article points out that “when specific employee behaviors are addressed in a meaningful way to bring about a security-aware culture, the incidence and cost of non-compliance plummets.”
Education has both intrinsic and instrumental value. Education is good because it is good in and of itself to learn more about things, and education is good because it is one of the most powerful tools for improving decisions and behavior.
So the conclusion of the article is no surprise. But it’s always nice to hear it emphasized.
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of training on privacy and security topics. This post was originally posted on his blog at LinkedIn, where Solove is a “LinkedIn Influencer.” His blog has more than 600,000 followers.