The Need for Effective Information Security Awareness

Aloul, Fadi

doi:10.20533/ijicr.2042.4655.2011.0014

Cited by 13 publications

(18 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They concluded that the more educated a student was in academic year, the less likely they were to fall for the phishing scam. Similarly, Aloul [2] presented a project in which a fake website portal recorded the number of students who navigate to this phishing trap. They recorded 9% of the 11,000 students falling for the fraudulent portal.…”

Section: Previous Workmentioning

confidence: 99%

Phishing in an academic community: A study of user susceptibility and behavior

Diaz¹,

Sherman²,

Joshi

2019

Cryptologia

View full text Add to dashboard Cite

We present an observational study on the relationship between demographic factors and phishing susceptibility at the University of Maryland, Baltimore County (UMBC). In spring 2018, we delivered phishing attacks to 450 randomlyselected students on three different days (1,350 students total) to examine user click rates and demographics among UMBC's undergraduates. Participants were initially unaware of the study. We deployed the Billing Problem, Contest Winner, and Expiration Date phishing tactics. Experiment 1 claimed to bill students; Experiment 2 enticed users with monetary rewards; and Experiment 3 threatened users with account cancellation.We found correlations resulting in lowered susceptibility based on college affiliation, academic year progression, cyber training, involvement in cyber clubs or cyber scholarship programs, time spent on the computer, and age demographics. We found no significant correlation between gender and susceptibility. Contrary to our expectations, we observed greater user susceptibility with greater phishing knowledge and awareness. Students who identified themselves as understanding the definition of phishing had a higher susceptibility than did their peers who were merely aware of phishing attacks, with both groups having a higher susceptibility than those with no knowledge of phishing. Approximately 59% of subjects who opened the phishing email clicked on its phishing link, and approximately 70% of those subjects who additionally answered a demographic survey clicked.

show abstract

Section: Previous Workmentioning

confidence: 99%

Phishing in an academic community: A study of user susceptibility and behavior

Diaz¹,

Sherman²,

Joshi

2019

Cryptologia

View full text Add to dashboard Cite

show abstract

“…The cultural factor resulted from the trust phenomena makes the user share his/her private information with friends and relatives. In this direction, Aloul (2012) asserts that education on user privacy is imperative for Arab internet users due to the lack of knowledge of social engineering attack techniques. Consequently, dealing with these issues individually produces incoherent and brittle outcome (Dourish and Anderson, 2006).…”

Section: Discussionmentioning

confidence: 99%

“…It is clearly known that privacy and security are difficult to manage from the technical perspective and that is because they are caught up in larger collective rhetorics and practices of risk, danger, secrecy, trust, morality, identity. Furthermore, the continuous increase of internet usage allows attackers to gain unauthorised access to information by exploiting user's trust and tendency to help (Aloul, 2012). The other factor is the lack of security awareness.…”

Section: Discussionmentioning

confidence: 99%

Cultural impact on user authentication systems

Alkaabi

Maple

2013

IJBCRM

View full text Add to dashboard Cite

Sharing sensitive information including passwords of online accounts can be found in some themes, but with reason and generally on a small scale. However, we have conducted a study on the Gulf Cooperation Council (GCC) countries, which has shown that there is a significant level of sensitive information-sharing among employees in the region. This is proven to highly contribute to compromising user digital authentication, eventually, putting users' accounts at risk. The potential threats of sensitive information-sharing can considerably harm both individuals and organisations in many ways. Technology and security solutions that aim to protect the organisation's assets will be limited if staff are not fully aware and convinced of the concept of information security. This paper discusses the consequences of this phenomenon on the GCC countries and suggests aspects of a solution based on the special characteristics of the Arab culture, which also considers human behaviour.

show abstract

“…Companies normally use advance security technologies to protect their information and only train their security professionals, but limited attention is given to the awareness of information among the actual users of the information (Aloul, 2012). Conducted studies indicated that the majority of computer users have an absence of information security knowledge due to inadequate awareness (Aldawood & Skinner, 2018).…”

Section: Weakest Linkmentioning

confidence: 99%

“…Conventional methods (posters and newsletters) or online communications methods can be used to enhance ISA (Aloul, 2012;Alotaibi & Alfehaid, 2018). Emails can also be used as a medium to make people aware about cyber security threats that can face them (Dugan, 2018).…”

Section: Initiatives To Improve Cyber Security Awarenessmentioning

confidence: 99%

The Awareness Behaviour of Students on Cyber Security Awareness by Using Social Media Platforms: A Case Study at Central University of Technology

Potgieter¹

Kalpa Publications in Computing

View full text Add to dashboard Cite

The internet is not a secure place because of limited regulations. The unawareness of users about threats that can face them in cyberspace, can cause the successful execution of such threats. Users should establish a culture of awareness before entering the workforce. Therefore, academic institutions should engage in the process to enhance cyber security awareness (CSA) among students. In order to communicate effectively on CSA, the medium of communication should be familiar to the user and the user has to engage with this medium on a regular basis.Students at a higher academic institution reveal that they engage with social media platforms at least once a week with Facebook and YouTube the most popular. They also use communication media like websites to pursue material about CSA.This study found that there is a lack among students to engage with CSA initiatives that are available. It is suggested that academic institutions can contribute to the awareness of students by providing CSA material on a regular basis to them. Institutions can make use of social media platforms (Facebook and YouTube) and also communication mediums (institutional website and e-mails) to communicate CSA material with the students.

show abstract

The Need for Effective Information Security Awareness

Cited by 13 publications

References 4 publications

Phishing in an academic community: A study of user susceptibility and behavior

Phishing in an academic community: A study of user susceptibility and behavior

Cultural impact on user authentication systems

The Awareness Behaviour of Students on Cyber Security Awareness by Using Social Media Platforms: A Case Study at Central University of Technology

Contact Info

Product

Resources

About