TY - GEN
T1 - Evaluating the Information Security Awareness of Smartphone Users
AU - Bitton, Ron
AU - Boymgold, Kobi
AU - Puzis, Rami
AU - Shabtai, Asaf
N1 - Publisher Copyright: © 2020 ACM.
PY - 2020/4/21
Y1 - 2020/4/21
AB - Information security awareness (ISA) is a practice focused on the set of skills which help a user successfully mitigate social engineering (SE) attacks. Evaluating the ISA of users is crucial, since early identification of users who are more vulnerable to SE attacks improves system security. Previous studies for evaluating the ISA of smartphone users rely on subjective data sources (questionnaires) and do not address the differences between classes of SE attacks. This paper presents a framework for evaluating the ISA of smartphone users for specific attack classes. In addition to questionnaires, we utilize objective data sources: a mobile agent, a network traffic monitor, and cybersecurity challenges. We evaluated the framework by conducting a long-term user study involving 162 users. The results show that the self-reported behavior of users differs significantly from their actual behavior, and that the ISA level derived from the actual behavior of users is highly correlated with their ability to mitigate SE attacks.
KW - human factors
KW - information security awareness
KW - mobile devices
KW - social engineering
UR - http://www.scopus.com/inward/record.url?scp=85091269025&partnerID=8YFLogxK
U2 - 10.1145/3313831.3376385
DO - 10.1145/3313831.3376385
M3 - Conference contribution
AN - SCOPUS:85091269025
T3 - Conference on Human Factors in Computing Systems - Proceedings
BT - CHI 2020 - Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems
PB - Association for Computing Machinery
T2 - 2020 ACM CHI Conference on Human Factors in Computing Systems, CHI 2020
Y2 - 25 April 2020 through 30 April 2020
ER -