security awareness training
Recently Published Documents


TOTAL DOCUMENTS

51
(FIVE YEARS 15)

H-INDEX

5
(FIVE YEARS 1)

2022 ◽  
Vol 6 ◽  
Author(s):  
Matthew Canham ◽  
Clay Posey ◽  
Michael Constantino

To better understand employees’ reporting behaviors in relation to phishing emails, we gamified the phishing security awareness training process by creating and conducting a month-long “Phish Derby” competition at a large university in the U.S. The university’s Information Security Office challenged employees to prove they could detect phishing emails as part of the simulated phishing program currently in place. Employees volunteered to compete for prizes during this special event and were instructed to report suspicious emails as potential phishing attacks. Prior to the beginning of the competition, we collected demographics and data related to the concepts central to two theoretical foundations: the Big Five personality traits and goal orientation theory. We found several notable relationships between demographic variables and Phish Derby performance, which was operationalized from the number of phishing attacks reported and employee report speed. Several key findings emerged, including past performance on simulated phishing campaigns positively predicted Phish Derby performance; older participants performed better than their younger colleagues, but more educated participants performed poorer; and individuals who used a mix of PCs and Macs at work performed worse than those using a single platform. We also found that two of the Big Five personality dimensions, extraversion and agreeableness, were both associated with poorer performance in phishing detection and reporting. Likewise, individuals who were driven to perform well in the Phish Derby because they desired to learn from the experience (i.e., learning goal orientation) performed at a lower level than those driven by other goals. Interestingly, self-reported levels of computer skill and the perceived ability to detect phishing messages failed to exhibit a significant relationship with Phish Derby performance. We discuss these findings and describe how focusing on motivating the good in employee cyber behaviors is a necessary yet too often overlooked component in organizations whose training cyber cultures are rooted in employee click rates alone.


2022 ◽  
pp. 233-261
Author(s):  
Adéle Da Veiga

A security culture can be a competitive advantage when employees uphold strong values for the protection of information and exhibit behavior that is in compliance with policies, thereby introducing minimal incidents and breaches. The security culture in an organization might, though, not be similar among departments, job levels, or even generation groups. It can pose a risk when it is not conducive to the protection of information and when security incidents and breaches occur due to employee error or negligence. This chapter aims to give organizations an overview of the concept of security culture, the factors that could influence it, an approach to assess the security culture, and to prioritize and tailor interventions for high-risk areas. The outcome of the security culture assessment can be used as input to define security awareness, training, and education programs aiding employees to exhibit behavior that is in compliance with security policies.


2021 ◽  
Vol 93 (7s) ◽  
pp. 197-207
Author(s):  
Albert Grapa ◽  
◽  
Edgar Lemoncito ◽  

This study focused on the cadets’ perception of the level of implementation of maritime security in coastwise trade in selected ports of Western Visayas, Philippines, based on the ISPS Code requirements applicable onboard vessels and in port. This study aims to: (1) Determine the level of implementation of domestic companies in terms of the ship security plan or certificate, security drills, control of visitors on board, identification of restricted areas onboard, and security equipment used; (2) Identify the challenges that domestic vessels experience in the implementation of these procedures; and (3) Find out how the cadets are engaged in the process of implementing the requirements in terms of security drills and control of visitors on board and the roles they are tasked to perform. A research-made instrument designed for cadets was used to gather the data. The results revealed that domestic companies’ implementation is heightened during MARSEC Level 2, which happens when there is a heightened level and when security risk has become visible to security personnel. The greatest challenge as perceived by the cadets was specifically on technology advancement, which affects the security and equipment of the domestic vessels. The cadets are engaged in implementing the ISPS code on security drills and control of visitors on board by performing the roles assigned to them by their senior officers. Based on this study’s results, it is recommended that emphasis must be given on topics in maritime security for the students to be equipped with this knowledge during their cadetship program. Training centers may enhance the maritime security training’s effectiveness to include Seafarers with Designated Security Duties, Security Awareness Training, and Ship Security Assessment.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Laila Dahabiyeh

Purpose As insiders remain to be a main reason behind security breaches, effective information security awareness campaigns become critical in protecting organizations from security incidents. The purpose of this paper is to identify factors that influence organizational adoption and acceptance of computer-based security awareness training tools. Design/methodology/approach The paper uses content analysis of online reviews of the top ten computer-based security awareness training tools that received Gartner peer insights Customers’ Choice 2019 award. Findings This study identifies nine critical adoption and success factors. These are synthesized into a conceptual framework based on the technology–organization–environment framework. The findings reveal that technological, organizational and environmental factors come into play in adoption decisions but with varying degrees of importance. Practical implications This study highlights key factors that technology vendors should take into consideration when designing computer-based security awareness training tools to increase adoption rates. Originality/value This research offers a novel contribution to the literature on information security awareness delivery methods by identifying key factors that influence organizational adoption and acceptance of computer-based security awareness training tools. Those factors were identified using content analysis of online reviews, which is a new methodological approach to the information security awareness literature.


Author(s):  
Michael A. Sletten

Learning a second language is challenging for anyone worldwide. When trying to learn a second language in a remote area of the world or under circumstances that do not allow for face-to-face learning, it becomes even more challenging. With the invention and development of mobile devices such as phones and tablets, it becomes much easier to accomplish through mobile-assisted language learning (MALL). Mobile-assisted language learning allows for a user to learn a new language using their mobile device, which is a ubiquitous form of learning. Mobile-assisted language learning is not without risk or vulnerabilities, however. It is imperative that users receive security awareness training, so they can operate their mobile phone in a secure manner. It is also critical that the mobile phones, wireless networks, learning management systems, and computer networks are also secured against various types of viruses, malware, and attacks. Without certain security measures being installed and configured on these devices and systems, the potential for security breaches present themselves.


2020 ◽  
Vol 25 (6) ◽  
pp. 5235-5259
Author(s):  
Zheyu Tan ◽  
Razvan Beuran ◽  
Shinobu Hasegawa ◽  
Weiwei Jiang ◽  
Min Zhao ◽  
...  

Sign in / Sign up

Export Citation Format

Share Document