Evaluating the Information Security Awareness of Smartphone Users

Ron Bitton, Kobi Boymgold, Rami Puzis, Asaf Shabtai

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

2 Scopus citations

Abstract

Information security awareness (ISA) is a practice focused on the set of skills which help a user successfully mitigate social engineering (SE) attacks. Evaluating the ISA of users is crucial, since early identification of users who are more vulnerable to SE attacks improves system security. Previous studies for evaluating the ISA of smartphone users rely on subjective data sources (questionnaires) and do not address the differences between classes of SE attacks. This paper presents a framework for evaluating the ISA of smartphone users for specific attack classes. In addition to questionnaires, we utilize objective data sources: A mobile agent, a network traffic monitor, and cybersecurity challenges. We evaluated the framework by conducting a long-term user study involving 162 users. The results show that: The self-reported behavior of users differs significantly from their actual behavior and the ISA level derived from the actual behavior of users is highly correlated with their ability to mitigate SE attacks.

Original languageEnglish
Title of host publicationCHI 2020 - Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems
PublisherAssociation for Computing Machinery
ISBN (Electronic)9781450367080
DOIs
StatePublished - 21 Apr 2020
Event2020 ACM CHI Conference on Human Factors in Computing Systems, CHI 2020 - Honolulu, United States
Duration: 25 Apr 202030 Apr 2020

Publication series

NameConference on Human Factors in Computing Systems - Proceedings

Conference

Conference2020 ACM CHI Conference on Human Factors in Computing Systems, CHI 2020
Country/TerritoryUnited States
CityHonolulu
Period25/04/2030/04/20

Keywords

  • human factors
  • information security awareness
  • mobile devices
  • social engineering

Fingerprint

Dive into the research topics of 'Evaluating the Information Security Awareness of Smartphone Users'. Together they form a unique fingerprint.

Cite this