Impact of user awareness and training of InfoSec practitioners on data security

Reliance on electronic information to conduct business activities forces many organizations to grant access to their Information Technology (IT) systems to employees, customers, partners, and suppliers. Despite significant investments by senior managers in their IT security program, organizations continue to experience major data loss and nonstop security breaches. The purpose of this study was to provide executives a framework to guide them in deciding how to effectively mitigate risks to data assets. This researcher utilized an experimental Solomon four-group design using a sample of 60 graduate students in business administration representing end users and 60 graduate students in information systems representing information security practitioners, to investigate the impact of user awareness and training of security practitioner on data security. Research questions in this study examined the impact of practitioners' knowledge of best practices in securing enterprise routers and user awareness training concerning social engineering-based threats on data security. Data collected were analyzed using Cronbach's alpha and Kuder-Richardson 20 coefficient for reliability. ANOVA and Tukey tests at a significance level of 5% resulted in a statistical difference between the control group and treatment group for both the end user and practitioner groups. A survey administered to the practitioner group suggested that incentives and deterrence coupled with user awareness and training could also play a role in mitigating risks to information assets. This study's social impact tackled Information Security (IS) practitioners' ability to provide a higher-level protection of information assets at minimal costs.