Contextual security awareness: A context-based approach for assessing the security awareness of users

Assessing the information security awareness (ISA) of users is crucial for protecting systems and organizations from social engineering attacks. Current methods do not consider the context of use when assessing users’ ISA, and therefore they cannot accurately reflect users’ actual behavior, which often depends on that context. In this study, we propose a novel context-based, data-driven, approach for assessing the ISA of users. In this approach, different behavioral and contextual factors, such as spatio-temporal information and browsing habits, are used to assess users’ ISA. Since defining each context explicitly is impractical for a large context space, we utilize a deep neural network to represent users’ contexts implicitly from contextual factors. We evaluate our approach empirically using a real-world dataset of users’ activities collected from 120 smartphone users. The results show that the proposed method and context information improve ISA assessment accuracy significantly.