Employee awareness model to enhance awareness of social engineering threats in the Saudi public sector
The increase in social-engineering threats within the Saudi public sector has changed awareness and training methods. However, due to employees' lack of awareness, social engineering could lead to a breach whereby attackers identify vulnerabilities and subsequently launch their attacks. A socia...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
2021
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/id/eprint/95761/1/MohammedFahadAlghenaim2021_EmployeeAwarenessModeltoEnhanceAwareness.pdf http://eprints.utm.my/id/eprint/95761/ http://dx.doi.org/10.1109/ICOTEN52080.2021.9493434 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | The increase in social-engineering threats within the Saudi public sector has changed awareness and training methods. However, due to employees' lack of awareness, social engineering could lead to a breach whereby attackers identify vulnerabilities and subsequently launch their attacks. A social-engineering attack is a high risk to the Saudi public sector and may significantly affect its security measures. Thus, the benefits of adopting awareness-enhancement tools in the public sector are undeniable. This study proposes a conceptual awareness model designed to enhance employee awareness in the Saudi public sector to address this issue. This study reviews seven main factors of social engineering risk: phishing, baiting, pretexting, quid pro quo, tailgating, related security policies, and the ability to identify attacks and respond to threats. Additionally, this research examines one public sector actor in Saudi Arabia as a case study. The findings led to a model creation comprising of five components: a situation-awareness model for phishing, an information-security awareness tool, a power-knowledge-practice triangle, Saudi public sector follow-up metrics, and implementation phases. As a result, an a priori model was successfully developed, tested, and applied in the subsequent stage by the case study participants, the employees. |
|---|