Universiti Teknologi Malaysia Institutional Repository

Employee awareness model to enhance awareness of social engineering threats in the Saudi public sector

Alghenaim, M. F. and Abu Bakar, N. A. and Mohd. Yusoff, C. F. and Hassan, N. H. and Sallehudin, H. (2021) Employee awareness model to enhance awareness of social engineering threats in the Saudi public sector. In: 2021 International Congress of Advanced Technology and Engineering, ICOTEN 2021, 4 July 2021 - 5 July 2021, Virtual, Online.

[img]
Preview
PDF
2MB

Official URL: http://dx.doi.org/10.1109/ICOTEN52080.2021.9493434

Abstract

The increase in social-engineering threats within the Saudi public sector has changed awareness and training methods. However, due to employees' lack of awareness, social engineering could lead to a breach whereby attackers identify vulnerabilities and subsequently launch their attacks. A social-engineering attack is a high risk to the Saudi public sector and may significantly affect its security measures. Thus, the benefits of adopting awareness-enhancement tools in the public sector are undeniable. This study proposes a conceptual awareness model designed to enhance employee awareness in the Saudi public sector to address this issue. This study reviews seven main factors of social engineering risk: phishing, baiting, pretexting, quid pro quo, tailgating, related security policies, and the ability to identify attacks and respond to threats. Additionally, this research examines one public sector actor in Saudi Arabia as a case study. The findings led to a model creation comprising of five components: a situation-awareness model for phishing, an information-security awareness tool, a power-knowledge-practice triangle, Saudi public sector follow-up metrics, and implementation phases. As a result, an a priori model was successfully developed, tested, and applied in the subsequent stage by the case study participants, the employees.

Item Type:Conference or Workshop Item (Paper)
Uncontrolled Keywords:awareness model, employee awareness, information security
Subjects:T Technology > T Technology (General)
Divisions:Razak School of Engineering and Advanced Technology
ID Code:95761
Deposited By: Narimah Nawil
Deposited On:31 May 2022 13:18
Last Modified:31 May 2022 13:18

Repository Staff Only: item control page