In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016)
Title: The Design and Evaluation of an Interactive Social Engineering Training Programme
Author(s): Esra Alkhamis, Karen Renaud
Keywords: Social Engineering Training Programme, Security Awareness.
Abstract: Social engineering is a major issue affecting organisational security. Educating employees on how to avoid social engineering attacks is important because social engineering tries to penetrate an organisation by using employees to grant authorized access to sensitive information. While there are a number of theoretical studies about social engineering, a few practical studies have moved towards educating and training employees on how to spot such attacks. In this research, we emphasise the importance of educating employees to make them more resilient to attack.
To address this need we developed an educational video encapsulated within a Social Engineering Training Programme. This is an interactive training video in which the learner interacts with three different scenarios; educational content, knowledge-check, and a web page containing the latest news about current social engineering attacks.
The training programme was evaluated in a Saudi trading company with 24 employees. The evaluation showed that the programme delivered a positive impact in terms of awareness, as tested by a post-training quiz.
Download count: 1299
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.