Employee awareness model to enhance awareness of social engineering threats in the Saudi public sector
The increase in social-engineering threats within the Saudi public sector has changed awareness and training methods. However, due to employees' lack of awareness, social engineering could lead to a breach whereby attackers identify vulnerabilities and subsequently launch their attacks. A socia...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
2021
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/id/eprint/95761/1/MohammedFahadAlghenaim2021_EmployeeAwarenessModeltoEnhanceAwareness.pdf http://eprints.utm.my/id/eprint/95761/ http://dx.doi.org/10.1109/ICOTEN52080.2021.9493434 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my.utm.95761 |
|---|---|
| record_format |
eprints |
| spelling |
my.utm.957612022-05-31T13:18:49Z http://eprints.utm.my/id/eprint/95761/ Employee awareness model to enhance awareness of social engineering threats in the Saudi public sector Alghenaim, M. F. Abu Bakar, N. A. Mohd. Yusoff, C. F. Hassan, N. H. Sallehudin, H. T Technology (General) The increase in social-engineering threats within the Saudi public sector has changed awareness and training methods. However, due to employees' lack of awareness, social engineering could lead to a breach whereby attackers identify vulnerabilities and subsequently launch their attacks. A social-engineering attack is a high risk to the Saudi public sector and may significantly affect its security measures. Thus, the benefits of adopting awareness-enhancement tools in the public sector are undeniable. This study proposes a conceptual awareness model designed to enhance employee awareness in the Saudi public sector to address this issue. This study reviews seven main factors of social engineering risk: phishing, baiting, pretexting, quid pro quo, tailgating, related security policies, and the ability to identify attacks and respond to threats. Additionally, this research examines one public sector actor in Saudi Arabia as a case study. The findings led to a model creation comprising of five components: a situation-awareness model for phishing, an information-security awareness tool, a power-knowledge-practice triangle, Saudi public sector follow-up metrics, and implementation phases. As a result, an a priori model was successfully developed, tested, and applied in the subsequent stage by the case study participants, the employees. 2021 Conference or Workshop Item PeerReviewed application/pdf en http://eprints.utm.my/id/eprint/95761/1/MohammedFahadAlghenaim2021_EmployeeAwarenessModeltoEnhanceAwareness.pdf Alghenaim, M. F. and Abu Bakar, N. A. and Mohd. Yusoff, C. F. and Hassan, N. H. and Sallehudin, H. (2021) Employee awareness model to enhance awareness of social engineering threats in the Saudi public sector. In: 2021 International Congress of Advanced Technology and Engineering, ICOTEN 2021, 4 July 2021 - 5 July 2021, Virtual, Online. http://dx.doi.org/10.1109/ICOTEN52080.2021.9493434 |
| institution |
Universiti Teknologi Malaysia |
| building |
UTM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Teknologi Malaysia |
| content_source |
UTM Institutional Repository |
| url_provider |
http://eprints.utm.my/ |
| language |
English |
| topic |
T Technology (General) |
| spellingShingle |
T Technology (General) Alghenaim, M. F. Abu Bakar, N. A. Mohd. Yusoff, C. F. Hassan, N. H. Sallehudin, H. Employee awareness model to enhance awareness of social engineering threats in the Saudi public sector |
| description |
The increase in social-engineering threats within the Saudi public sector has changed awareness and training methods. However, due to employees' lack of awareness, social engineering could lead to a breach whereby attackers identify vulnerabilities and subsequently launch their attacks. A social-engineering attack is a high risk to the Saudi public sector and may significantly affect its security measures. Thus, the benefits of adopting awareness-enhancement tools in the public sector are undeniable. This study proposes a conceptual awareness model designed to enhance employee awareness in the Saudi public sector to address this issue. This study reviews seven main factors of social engineering risk: phishing, baiting, pretexting, quid pro quo, tailgating, related security policies, and the ability to identify attacks and respond to threats. Additionally, this research examines one public sector actor in Saudi Arabia as a case study. The findings led to a model creation comprising of five components: a situation-awareness model for phishing, an information-security awareness tool, a power-knowledge-practice triangle, Saudi public sector follow-up metrics, and implementation phases. As a result, an a priori model was successfully developed, tested, and applied in the subsequent stage by the case study participants, the employees. |
| format |
Conference or Workshop Item |
| author |
Alghenaim, M. F. Abu Bakar, N. A. Mohd. Yusoff, C. F. Hassan, N. H. Sallehudin, H. |
| author_facet |
Alghenaim, M. F. Abu Bakar, N. A. Mohd. Yusoff, C. F. Hassan, N. H. Sallehudin, H. |
| author_sort |
Alghenaim, M. F. |
| title |
Employee awareness model to enhance awareness of social engineering threats in the Saudi public sector |
| title_short |
Employee awareness model to enhance awareness of social engineering threats in the Saudi public sector |
| title_full |
Employee awareness model to enhance awareness of social engineering threats in the Saudi public sector |
| title_fullStr |
Employee awareness model to enhance awareness of social engineering threats in the Saudi public sector |
| title_full_unstemmed |
Employee awareness model to enhance awareness of social engineering threats in the Saudi public sector |
| title_sort |
employee awareness model to enhance awareness of social engineering threats in the saudi public sector |
| publishDate |
2021 |
| url |
http://eprints.utm.my/id/eprint/95761/1/MohammedFahadAlghenaim2021_EmployeeAwarenessModeltoEnhanceAwareness.pdf http://eprints.utm.my/id/eprint/95761/ http://dx.doi.org/10.1109/ICOTEN52080.2021.9493434 |
| _version_ |
1735386844018769920 |
| score |
13.211869 |