University of Twente Student Theses


Why Should Security Train My Staff?

Chandra, Melvin Sumon (2021) Why Should Security Train My Staff?

[img] PDF
Abstract:The human element is an overlooked aspect of cybersecurity in an organisational context. To increase the security in an organisation, they tend to launch a security awareness program (e.g. a series of e-learning) aiming to teach their staff to behave more secure (e.g. not click on a link of a phishing email or to report security incidents at the security department). This article aims to analyse the benefits of security interventions which then leads to the reduction in vulnerability of an organisation in terms of economic benefits. A literature review is done to compile research done on the benefits of security awareness training, and a simulation study is carried out to create a model which illustrates how investments in security awareness can affect the expected monetary benefits from such investments. Based on the model, the rate of change of the expected benefits slowly decreases for an increasing amount of investments. The results further suggest that organisations should aim for the optimal amount of investment where the difference between the benefits and investment costs are maximised.
Item Type:Essay (Bachelor)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science BSc (56964)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page