View : 70 Download: 0

The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence

Title
The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence
Authors
Kweon, EunkyungLee, HansolChai, SangmiYoo, Kyeongwon
Ewha Authors
채상미
SCOPUS Author ID
채상미scopus
Issue Date
2021
Journal Title
INFORMATION SYSTEMS FRONTIERS
ISSN
1387-3326JCR Link

1572-9419JCR Link
Citation
INFORMATION SYSTEMS FRONTIERS vol. 23, no. 2, pp. 361 - 373
Keywords
Information security incidentsInformation security trainingInformation security managementPoisson regression analysis
Publisher
SPRINGER
Indexed
SCIE; SCOPUS WOS scopus
Document Type
Article
Abstract
As recent cyber-attacks have been increasing exponentially, the importance of security training for employees also has become growing ever than before. In addition, it is suggested that security training and education be an effective method for discerning cyber-attacks within academia and industries. Despite the importance and the necessity of the training, prior study did not investigate the quantitative utility of security training in an organizational level. Due to the absence of referential studies, many firms are having troubles in making decisions with respect to arranging optimal security training programs with limited security budgets. The main objective of this study is to find out a relationship between cybersecurity training and the number of incidents of organizations. Thus, this study quantified the effectiveness of security training on security incidents as the first study. This research examined the relationship among three main factors; education time, education participants, and outsourcing with numbers of cybersecurity incidents. 7089 firm level data is analyzed through Poisson regression method. Based on analysis results, we found that the negative relationship between security trainings and the occurrence of cybersecurity incidents. This study sheds light on the role of security training and education by suggesting its positive association with reducing the number of incidents in organizations from the quantitative perspective. The result of this study can be used as a referential guide for information security training decision-making procedure in organizations.
DOI
10.1007/s10796-019-09977-z
Appears in Collections:
경영대학 > 경영학전공 > Journal papers
Files in This Item:
There are no files associated with this item.
Export
RIS (EndNote)
XLS (Excel)
XML


qrcode

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

BROWSE