Search results

In the past, people were usually seen as the weakest link in the IT security chain. However, this view has changed in recent years and people are no longer seen only as a problem, but also as part of the solution. In research, this change is reflected in the fact that people are enabled to report security incidents that they have detected. During this reporting process, however, it is important to ensure that the reports are submitted with the highest possible data quality. This paper aims to provide a process-driven quality improvement approach for human-as-a-security-sensor information.

This work builds upon existing approaches for structured reporting of security incidents. In the first step, relevant data quality dimensions and influencing factors are defined. Based on this, an approach for quality improvement is proposed. To demonstrate the feasibility of the approach, it is prototypically implemented and evaluated using an exemplary use case.

In this paper, a process-driven approach is proposed, which allows improving the data quality by analyzing the similarity of incidents. It is shown that this approach is feasible and leads to better data quality with real-world data.

The originality of the approach lies in the fact that data quality is already improved during the reporting of an incident. In addition, approaches from other areas, such as recommender systems, are applied innovatively to the area of the human-as-a-security-sensor.

Social engineering is crucial in today’s digital landscape. As technology advances, malicious individuals exploit human judgment and trust. This study explores how age, education and occupation affect individuals’ awareness, skills and perceptions of social engineering.

A quantitative research approach was used to survey a diverse demographic of Egyptian society. The survey was conducted in February 2023, and the participants were sourced from various Egyptian social media pages covering different topics. The collected data was analyzed using descriptive and inferential statistics, including independent samples t-test and ANOVA, to compare awareness and skills across different groups.

The study revealed that younger individuals and those with higher education tend to research social engineering more frequently. Males display a higher level of awareness but score lower in terms of social and psychological consequences as well as types of attacks when compared to females. The type of attack cannot be predicted based on age. Higher education is linked to greater awareness and ability to defend against attacks. Different occupations have varying levels of awareness, skills, and psychosocial consequences. The study emphasizes the importance of increasing awareness, education and implementing cybersecurity measures.

This study’s originality lies in its focus on diverse Egyptian demographics, innovative recruitment via social media, comprehensive exploration of variables, statistical rigor, practical insights for cybersecurity education and diversity in educational and occupational backgrounds.

Social engineering is a prominent aspect of online crime. Various interventions have been developed to reduce the success of this type of attacks. This paper aims to investigate if interventions can help to decrease the vulnerability to social engineering attacks. If they help, the authors investigate which forms of interventions and specific elements constitute success.

The authors selected studies which had an experimental design and rigorously tested at least one intervention that aimed to reduce the vulnerability to social engineering. The studies were primarily identified from querying the Scopus database. The authors identified 19 studies which lead to the identification of 37 effect sizes, based on a total sample of N = 23,146 subjects. The available training, intervention materials and effect sizes were analysed. The authors collected information on the context of the intervention, the characteristics of the intervention and the characteristics of the research methodology. All analyses were performed using random-effects models, and heterogeneity was quantified.

The authors find substantial differences in effect size for the different interventions. Some interventions are highly effective; others have no effect at all. Highly intensive interventions are more effective than those that are low on intensity. Furthermore, interventions with a narrow focus are more effective than those with a broad focus.

The results of this study show differences in effect for different elements of interventions. This allows practitioners to review their awareness campaigns and tailor them to increase their success.

The authors believe that this is the first study that compares the impact of social engineering interventions systematically.