Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study1

Employee noncompliance with information systems security policies is a key concern for organizations. If users do not comply with IS security policies, security solutions lose their efficacy. Of the different IS security policy compliance approaches, training is the most commonly suggested in the literature. Yet, few of the existing studies about training to promote IS policy compliance utilize theory to explain what learning principles affect user compliance with IS security policies, or offer empirical evidence of their practical effectiveness. Consequently, there is a need for IS security training approaches that are theory-based and empirically evaluated. Accordingly, we propose a training program based on…