A Review of Methods for Evaluating Security Awareness Initiatives

Assenza, Giacomo; Chittaro, Andrea; Maggio, Maria Carla De; Mastrapasqua, Marzia; Setola, Roberto

doi:10.1007/s41125-019-00052-x

Cited by 11 publications

(11 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• RQ2: How are the attitudes of users affected by each intervention approach? Attitude refers to the state of mind an individual has about the object of interest Ryan and Deci (2000), and it is directly linked with their awareness level Assenza et al (2019); Murchison (1935).…”

Section: Methodsmentioning

confidence: 99%

Assessment of the Impact of Information Security Awareness Training Methods on Knowledge, Attitude, and Behavior

et al. 2022

View full text Add to dashboard Cite

Technology is changing the way we work more than ever before. Therefore, it is critical to understand the security threats associated with these advanced tools to protect systems and data. Security is a combination of people, processes, and technology. Thus, to counter cyber-threats effectively, information security awareness (ISA) programs are an essential cornerstone of enterprise security. There are many ways in which information security knowledge can be delivered. In this paper, we have conducted an experiment to test the impact of multiple intervention strategies on knowledge, attitude, and behavior. The HAIS-Q was used to evaluate the effectiveness of training methods on the employees. Our study suggests that all the methods raised knowledge equivalently. However, having more than one delivery method to convey the same message had more impact on users' attitudes. When it comes to behavioral change, however, text-based and game-based training formats performed better than their counterparts. Additionally, employees' tendency in engaging in self-education activities and participating in future awareness programs were influenced by the intervention strategy. These findings have important implications, as ISA programs should be designed in a way that positively influences the mindset of employees and motivates them to embrace security practices in their daily activities.

show abstract

Section: Methodsmentioning

confidence: 99%

Assessment of the Impact of Information Security Awareness Training Methods on Knowledge, Attitude, and Behavior

et al. 2022

View full text Add to dashboard Cite

show abstract

“…Defences within the digital space include detections, prevention and response to threats using software tools built around institutional security policies but no technology-based defence system deal with cyberbullying related threats. The human aspect of the information system usage is believed to be the weakest link in the execution of the security program [4]. Therefore, a well-focused education program on cybersecurity awareness to prevent cyberbullying of various forms is critical for the users [4].…”

Section: International Journal Of Social Science Research and Reviewmentioning

confidence: 99%

“…The human aspect of the information system usage is believed to be the weakest link in the execution of the security program [4]. Therefore, a well-focused education program on cybersecurity awareness to prevent cyberbullying of various forms is critical for the users [4]. The education program may involve protection against data leakages and secure use of emails, social media, and passwords [5], [6].…”

Section: International Journal Of Social Science Research and Reviewmentioning

confidence: 99%

Cyberbullying Prevalence at a Rural Based University in the Eastern Cape, South Africa

Mwansa,

Ngandu,

Khala

2023

IJSSRR

View full text Add to dashboard Cite

Defences within the digital space against cybersecurity include detection, prevention and response to threats using software tools, however, there no significant technology-based defence systems that deal with cyberbullying related threats. A lack of cybersecurity defence systems and limited cybersecuriy awareness may expose students to cyberbullying and students are likely to suffer, resulting in effects such as psychological and emotional abuse that may eventually contribute towards high drop-outs rates. The objective of this study was to investigate the prevalence of cyberbullying among students at a public university based in the Eastern Cape of South Africa. This research study followed a mixed method approach and a thematic analysis guided by the Theory of Reasoned Action (TRA) theoretical framework. The study found strong cyberbullying penetration within the student community under investigation. As part of the study findings, it was found that activities such as cybersecurity awareness programmes may mitigate the impact of cyberbullying on students and such interventions should form part of any higher education institution’s responsibility.

show abstract

“…Notice that OSINT can also be used to contrast social engineering attacks. Indeed, understanding what kind of data is exposed on the network is extremely relevant to design appropriate awareness campaigns (Assenza et al, 2020 ). Hence, there are several examples of integrating the OSINT methodology into the organization's security system, particularly in the cybersecurity field.…”

Section: Introductionmentioning

confidence: 99%

Review OSINT tool for social engineering

Nobili

2023

Front. Big Data

View full text Add to dashboard Cite

In recent years, we observed an increase in cyber threats, especially social engineering attacks. By social engineering, we mean a set of techniques and tools to collect information about a person or target to extort sensitive information. Such information might be used for (industrial) espionage, to blackmail the user, or represent the starting point to perform malicious cyber attacks against the individual or, more often, against the organization they work for. The human factor is often the most vulnerable element in the security of any system, and the mass of information we disseminate online largely facilitates social engineering activities. To prevent and mitigate social engineering attacks, Open Source INTelligence (OSINT) techniques and tools can be used to evaluate the level of exposition of an individual or an organization. OSINT is the collection of information through open sources, that is, sources not protected by copyright or privacy. The article reviews the main OSINT tools for countering and preventing social engineering attacks. Specifically, it proposes the different tools diving them accordingly to the specific information they allow to track (e-mail, social profiles, phone numbers, etc.).

show abstract

A Review of Methods for Evaluating Security Awareness Initiatives

Cited by 11 publications

References 41 publications

Assessment of the Impact of Information Security Awareness Training Methods on Knowledge, Attitude, and Behavior

Assessment of the Impact of Information Security Awareness Training Methods on Knowledge, Attitude, and Behavior

Cyberbullying Prevalence at a Rural Based University in the Eastern Cape, South Africa

Review OSINT tool for social engineering

Contact Info

Product

Resources

About