1 vote
According to the article stating that security awareness programs are a waste of time, one common thought among the security experts was that the best way to implement a security training program was to:

a) Make it mandatory for all employees
b) Make it voluntary for interested employees
c) Eliminate security training programs
d) Outsource security training to third-party providers

by User Marsi (8.1k points)

1 Answer

4 votes

Final answer:

Effective security training programs are crucial, as supported by studies showing the measurable benefits of training on employee performance and organizational results. Target's 2013 data breach exemplifies the consequences of ineffective training, highlighting the need for training that properly equips personnel to recognize and respond to security threats.

Step-by-step explanation:

The article suggesting that security awareness programs are a waste of time may not reflect the most effective approach to implementing security training. A 2003 study by Arthur, Bennett, Edens, and Bell highlighted the effectiveness of organizational training, which included various forms of training such as self-instruction, lecture and discussion, and computer-assisted training.

They identified four types of measurement of training effectiveness: 1) employee's immediate response, 2) testing at the end of training, 3) supervisors' behavioral measurements of job activities, and 4) results like productivity and profits.

Bruno & Abrahão's study on human factors psychology showed that increased cognitive effort could lead to more mistakes in identifying security breaches, emphasizing the need for well-designed training that does not overwhelm employees. The studies imply that rather than making security training mandatory or voluntary, or outsourcing, it is necessary to focus on creating effective training programs that can be accurately measured for effectiveness.

The experience of the Target data breach in 2013 further indicates the importance of effective security training, as it was found that security personnel failed to correctly interpret signs of a breach. A well-structured security training program could potentially prevent such oversights.

by User Miguel Reyes (7.3k points)