Measuring the effectiveness of information security training: A comparative analysis of computer-based training and instructor-based training .

摘要

Financial institutions are increasingly finding difficulty defending against information security risks and threats, as they are often the number one target for information thieves. An effective information security training and awareness program can be a critical component of protecting an organization's information assets. Many financial institutions have invested numerous resources in implementing information security training and awareness programs, but few have explored deeper to examine the effectiveness of these training programs.;The purpose of this study was to examine the effectiveness of an information security awareness program within a financial services institution in Western Pennsylvania. Effectiveness of information security training program was determined by transfer of learning, knowledge retention, and the level of trainee satisfaction. Additionally, the study was designed to determine whether the implementation of two different modes of training delivery, Instructor-based Training (IBT) and Computer-based Training (CBT) led to different results of effectiveness.;The study used a quasi-experimental, quantitative approach to measure and analyze the results, which included administering pre- and post-tests within both IBT and CBT groups. The study found that instructor-based trainees had higher levels of transfer of learning and overall trainee satisfaction when compared to their computer-based counterparts. The results of the study showed that computer-based trainees had a higher level of knowledge retention than the instructor-based trainees within the 60-day post-test period. However, there was no statistically significant difference in knowledge retention between either groups within the 90-day post-test period.