Date of Award
Bachelor of Science (B.S.) in Computer Science and University Honors
Computer security, Computer networks -- Security measures, Information technology -- Security measures, Employees -- Training of, Cyberspace -- Security measures, Social engineering
Social Engineering (SE) attacks are the most prevalent attacks targeting multiple industries, companies, and organizations. This research discusses the reasons for the prevalence of SE attacks and the weaknesses of the defense methods against it—Information Security Awareness Trainings (ISAT). Through an extensive literature review of the methods, experiments, and ideas of the past 20 years, the research compiles best practices for an effective ISAT program that is capable of changing employee behaviors and strengthening companies' security posture through its human element. The literature review is divided into two main sections. The first section is about the components that should be common to any type or format of ISAT regardless of the way it is delivered to the employees. The second section is about four different delivery methods by which companies could conduct ISAT and those are: (1) Lecture-Based Delivery Method; (2) Programs/ Interactive Games Delivery Method; (3) Group-Oriented Delivery Method; (4) Simulated Attack Delivery Method. From the literature review, it was determined that an amazing body of work related to designing and delivering an effective ISAT exists and that companies just need to find a way that works for them. Standard training is largely ineffective and thus companies must put in the time and effort to create materials that are relevant to their employees and combine multiple delivery methods. It is also important to note that ISAT should be a continuous year-round activity and not just done once a year or once in a lifetime. If companies learn to be patient and work out different trial and error scenarios, they will eventually find something that works best for them and as it matures, they will see an immense return on investment and an improvement of their overall security posture.
Labib, Fadi, "Qualities of Impactful Cyber Security Awareness Training" (2019). University Honors Theses. Paper 682.