Abstract
Information security research has traditionally focused on technical aspects, while little attention is paid to user behavior and organizational management, and employee behavior is often neglected. In many cases, employees intend to comply with policies but cannot avoid “unintentional” violations of information security policies; that is, they are unaware that they are being deceived. Even when a user's intention to comply with the security policy is high and their behavior tends toward compliance, an information security violation can still occur through “unawareness” or “mistrust,” resulting in organizational losses. This study uses situation awareness theory to explore how email social engineering attacks can deceive users either unconsciously or unintentionally, and to explore how current and possible training methods can reduce the possibility of employees falling victim to a successful email social engineering attack.
Original language | English |
---|---|
State | Published - 2019 |
Event | 23rd Pacific Asia Conference on Information Systems: Secure ICT Platform for the 4th Industrial Revolution, PACIS 2019 - Xi'an, China |
Duration | 8 Jul 2019 → 12 Jul 2019 |
Conference
Conference | 23rd Pacific Asia Conference on Information Systems: Secure ICT Platform for the 4th Industrial Revolution, PACIS 2019 |
---|---|
Country/Territory | China |
City | Xi'an |
Period | 8/07/19 → 12/07/19 |
Keywords
- Email deception
- Email fraud
- Situation awareness theory
- Social engineering