onr:"swepub:oai:DiVA.org:kth-186113"
Search: onr:"swepub:oai:DiVA.org:kth-186113" > Shaping information...
- 1 of 1
- Previous record
- Next record
- To hitlist
Shaping information security behaviors related to social engineering attacks
-
- Rocha Flores, Waldo (author)
- KTH,Elkraftteknik,Industrial information and control systems
-
- Ekstedt, Mathias, Professor (thesis advisor)
- KTH,Elkraftteknik
-
- Kowalski, Stewart, Professor (opponent)
- Norwegian University of Science and Technology
- (creator_code:org_t)
- ISBN 9789175959696
- KTH Royal Institute of Technology, 2016
- English xv, 156 s.
- Series: TRITA-EE, 1653-5146 ; 2016:061
- Doctoral thesis (other academic/artistic)
Abstract
Subject headings
Close
- Today, few companies would manage to continuously stay competitive without the proper utilization of information technology (IT). This has increased companies’ dependency of IT and created new threats that need to be addressed to mitigate risks to daily business operations. A large extent of these IT-related threats includes hackers attempting to gain unauthorized access to internal computer networks by exploiting vulnerabilities in the behaviors of employees. A common way to exploit human vulnerabilities is to deceive and manipulate employees through the use of social engineering. Although researchers have attempted to understand social engineering, there is a lack of empirical research capturing multilevel factors explaining what drives employees’ existing behaviors and how these behaviors can be improved. This is addressed in this thesis.The contribution of this thesis includes (i) an instrument to measure security behaviors and its multilevel determinants, (ii) identification of multilevel variables that significantly influence employees’ intent for behavior change, (iii) identification of what behavioral governance factors that lay the foundation for behavior change, (iv) identification that national culture has a significant effect on how organizations cope with behavioral information security threats, and (v) a strategy to ensure adequate information security behaviors throughout an organization.This thesis is a composite thesis of eight papers. Paper 1 describes the instrument measuring multilevel determinants. Paper 2 and 3 describes how security knowledge is established in organizations, and the effect on employee information security awareness. In Paper 4 the root cause of employees’ intention to change their behaviors and resist social engineering is described. Paper 5 and 8 describes how the instrument to measure social engineering security behaviors was developed and validated through scenario-based surveys and phishing experiments. Paper 6 and 7 describes experiments performed to understand reason to why employees fall for social engineering. Finally, paper 2, 5 and 6 examines the moderating effect of national culture.
Subject headings
- TEKNIK OCH TEKNOLOGIER -- Elektroteknik och elektronik -- Annan elektroteknik och elektronik (hsv//swe)
- ENGINEERING AND TECHNOLOGY -- Electrical Engineering, Electronic Engineering, Information Engineering -- Other Electrical Engineering, Electronic Engineering, Information Engineering (hsv//eng)
Keyword
- Information security
- Behavioral information security
- Social engineering
- Phishing
- Measuring information security behaviors
- Information security governance
- Experiments
- National culture
- Mixed method research design
- Quantitative methods
- Industrial Information and Control Systems
- Industriella informations- och styrsystem
Publication and Content Type
- vet (subject category)
- dok (subject category)
Find in a library
- Shaping information security behaviors related to social engineering attacks (Search the publication in LIBRIS)
To the university's database
- 1 of 1
- Previous record
- Next record
- To hitlist
Find more in SwePub
- By the author/editor
- Rocha Flores, Wa ...
- Ekstedt, Mathias ...
- Kowalski, Stewar ...
- About the subject
-
- ENGINEERING AND TECHNOLOGY
- ENGINEERING AND ...
- and Electrical Engin ...
- and Other Electrical ...
- Parts in the series
- TRITA-EE,
- By the university
- Royal Institute of Technology
Search outside SwePub
- Extend your search to:
- Google Book Search
- Google Scholar
Kungliga biblioteket hanterar dina personuppgifter i enlighet med EU:s dataskyddsförordning (2018), GDPR. Läs mer om hur det funkar här.
Så här hanterar KB dina uppgifter vid användning av denna tjänst.
- Copyright © LIBRIS - National Library Systems
- LIBRIS.kb.se
