5. Security training: training users about importance
of security and controls increase the awareness of
users and breaches due to ignorance can be
prevented [29]. In addition, employee awareness of
security issues prevents security attacks proactively
[46], [3]. Security training has been consistently
mentioned by many researchers as a prerequisite to
implement security governance program [35], [1].
Training helps in better utilization of overall
security measures used in an organization. Security
training helps in better internal control management,
implementation and communications of policies,
creation of encompassing security awareness in the
organization and provides value to security
governance efforts in the long term.
An analysis of research in information systems
security governance from behavioral perspective
leads us to believe that there is more research in
technical aspects of information systems security
governance than in behavioral aspects. A trend of
neglecting behavioral issues in research is
detrimental to growth of overall integrated security
governance solutions because behavioral aspects of
information systems security governance are an
integral part of a successful long term information