• Title/Summary/Keyword: Security Awareness Training

Search Result 76, Processing Time 0.03 seconds

A Study on the Change of Capability and Behavior against Phishing Attack by Continuous Practical Simulation Training (지속적 실전형 모의훈련을 통한 피싱공격 대응역량 및 행동변화에 관한 연구)

  • Yoon, Duck-sang;Lee, Kyung-ho;Lim, Jong-in
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.2
    • /
    • pp.267-279
    • /
    • 2017
  • This study emulated unscheduled phishing e-mails over a long period of time by imitating the manner in which external hackers attacked a group of employees in a company. We then measured and analyzed the recipient's ability to identify and respond to phishing e-mails as training progressed. In addition, we analyzed the changes in participants' response behavior when changing the external control condition between the training. As a result of the analysis, it was confirmed that the training duration had a positive (+) relationship with the employees' ability to identify phishing e-mails and the infection rate, and more employees read emails and infected with phishing attacks using social issues and seasonal events. It was also confirmed that reinforcement of internal control policy on infected persons affects positively (+) on the phishing attack response behavior of employees. Based on these results, we would like to suggest the right training method for each organization to enhance the ability of employees to cope with phishing attacks.

A Design of Information Security Education training Databank System for Preventing Computer Security incident (침해사고 예방을 위한 정보보안 교육훈련 문제은행 시스템)

  • Mo, Eun-Su;Lee, Jae-Pil;Lee, Jae-Gwang;Lee, Jun-Hyeon;Lee, Jae-Kwang
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2015.05a
    • /
    • pp.277-280
    • /
    • 2015
  • Smishing, Phishing personal privacy caused by Incident accidents such as Phishing information security has become a hot topic. Such incidents have privacy in personal information management occurs due to a lack of user awareness. This paper is based on the existing structure of the XML Tag question bank used a different Key-Value Structure-based JSON. JSON is an advantage that does not depend on the language in the text-based interchange format. The proposed system is divided into information security sector High, Middle and Low grade. and Provides service to the user through the free space and the smart device and the PC to the constraints of time. The use of open source Apache Load Balancing technology for reliable service. It also handles the user's web page without any training sessions Require server verification result of the training(training server). The result is sent to the training server using jQuery Ajax. and The resulting data are stored in the database based on the user ID. Also to be used as a training statistical indicators. In this paper, we design a level training system to enhance the user's information security awareness.

  • PDF

Improving Security Awareness about Smishing through Experiment on the Optimistic Bias on Risk Perception (위험인식의 낙관적 편향 실험을 통한 스미싱 보안인식 개선)

  • Kang, Ji Won;Lee, Ae Ri;Kim, Beomsoo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.2
    • /
    • pp.475-487
    • /
    • 2016
  • Recently, various risks of smartphone hacking are emerging. Smishing crime techniques become more cunning and its damage has been increasing, thereby requiring effective ways of preventing and coping with smishing. Especially, it is emphasized the need for smartphone users' security awareness and training besides technological approach. This study investigates the effective method for providing news messages in order to improve the perception of risk from smishing. This research empirically examines that the degree of optimistic bias on risk perception can vary depending on news frame, topic type, and involvement regarding smishing. Based on the findings, it identifies the factors influencing risk perception and verifies effective ways of promoting individual security awareness on smishing. The results of this study provide implications that assist in educating, campaigning and promoting information security awareness for smart device users.

The Influence of Information Security Behaviors on Information Security Performance in Shipping and Port Organization (해운항만조직의 정보보안이행이 정보보안성과에 미치는 영향)

  • Kang, Da-Yeon;Chang, Myung-Hee
    • Journal of Navigation and Port Research
    • /
    • v.40 no.4
    • /
    • pp.213-222
    • /
    • 2016
  • Recently, as cases of organizations' information disclosure occur continuously, it is urgent to manage security of information and establish measures to enhance security of information by an organization itself. Especially, members of an organization should be prepared with measures for information security, and an organization should do its efforts to raise its members' awareness toward information security. I set a research model to verify what effects an organization's fulfillment of regulations to secure information brings to performance of information security and selected members from maritime and port organizations and financial and insurance institutes as sample. Results of the analysis to identify factors affecting information security performance among members of maritime and port organizations are as follows. Firstly, I found that the factors affecting information security awareness are information security attitude and information security standards. Secondly, the factor giving influence on information security policy of an organization was found to be information security standards. In contrast, information security punishments and information security training were verified not to give influence on compliance of information security policy. Thirdly, information security awareness was identified to give significant influence on compliance of information security policy, information security competence and information security behavior. Fourthly, compliance of information security policy was verified to be those factors that give influence on information security competence and information security behavior. Lastly, information security competence and information security behavior were found to be such factors that give influence on information security performance.

A Study on the Disaster Prevention Measures through Safety Awareness Survey for the Students living in a Dormitory (기숙사생의 안전의식 조사를 통한 재해예방 대책 연구)

  • Lee, Myeong-Gu;Choi, Sin-Hee;Kim, Joo-Mi;Choi, Yun-Young
    • The Journal of the Convergence on Culture Technology
    • /
    • v.2 no.2
    • /
    • pp.37-44
    • /
    • 2016
  • This study was performed to evaluate the safety level of consciousness of college dorm life, and to suggest the problem derivation and to improve the prevention of accidents. The survey research was performed to investigate the contents of safety training for 150 people, and the effectiveness, the demands of safety were also examined. The risk factors were identified in order to assess the level of personal security awareness. The survey was performed for the knowledge of risky behaviors, such as disaster preparedness tips. The research showed that the satisfaction and effectiveness of safety training was high by investigation. Through the research, the recognition factor of the accident, which occurs by a lack of understanding for specific responses, must be enhanced using the safety training to respond adequately when disaster occurs.

Situation Analysis and Education Plan of Security Ethics for Training College Students Majoring in Information Security (정보보안전공 대학생을 위한 보안 윤리의식 분석 및 교육 방안)

  • Kim, Tae-Hee
    • The Journal of the Korea Contents Association
    • /
    • v.17 no.4
    • /
    • pp.596-605
    • /
    • 2017
  • Recently, it has been pointed out that the lack of professional ethics of computer and security experts is serious as college students majoring in information security and insiders who are in charge of security work are involved in crimes after being tempted to cyber crimes. In this paper, we investigate and analyze the security ethics awareness and education situation of college students majoring in information security, and examine the security ethics education method for human resource development with personality and qualities. As the information society becomes more widespread, the ethics and occupational consciousness of the university students who are majoring in information security are recognized as lack of awareness and education about security ethics, As a solution to solve these problems, it is expected that it will be possible to nurture security experts who are aware of their vocation through the educational plan to enhance the security ethics of the information security major college students. According to the security ethics education system proposed in the paper, the security ethical consciousness of the group that received education was remarkably improved.

A Path Way to Increase the Intention to Comply with Information Security Policy of Employees (조직 구성원들의 정보보안 정책 준수행위 의도에 관한 연구)

  • Yim, Myung-Seong
    • Journal of Digital Convergence
    • /
    • v.10 no.10
    • /
    • pp.119-128
    • /
    • 2012
  • This study is to identify the factors that influence an intention to information security policy compliance of employees. To do this, this study is based on three theoretical backgrounds because of the lack of holistic perspective. Research results show that detection certainty and individual attachment have a positive effect on information security policy compliance intention. Detection certainty is influenced by security awareness education and training. Finally, response cost has a negative effect on information security policy compliance intention.

Factors Drawing Members of a Financial Institution to Information Security Risk Management (금융기관 종사자들을 정보보안 위험관리로 이끄는 요인)

  • An, Hoju;Jang, Jaeyoung;Kim, Beomsoo
    • Information Systems Review
    • /
    • v.17 no.3
    • /
    • pp.39-64
    • /
    • 2015
  • As information and information technology become more important in competitive corporate environments, the risk of information security breaches has increased accordingly. Although organizations establish security measures to manage information security risks, members of organizations do not comply with them well, and their information security behavior intention is unclear. Therefore, to understand the information security risk management intention of the members of organizations, the present study developed a research model using Protection Motivation Theory, Supervisory Authority Pressure, and Background factors. This study presents empirical research findings based on the analysis of survey data from 201 members of financial institutions. Perceived Severity, Self-efficacy, and Supervisory Authority Pressure had a positive effect on intention; however, Perceived Vulnerability and Response Efficacy did not affect intention. Security Avoidance Habit, which was considered a background factor, had a negative effect on all parameters, and did not have an effect on intention. Security Awareness Training, another background factor, had a positive effect on information security risk management intention and perceived vulnerability, self-efficacy, response efficacy, and supervisory authority pressure, and had no effect on perceived severity. This study used supervisory authority pressure and background factors in the field of information security, and provided a basis to use supervisory authority pressure in future studies on behavior of organizations and members of an organization. In addition, the use of various background factors presented the groundwork for the expansion of protection motivation theory. Furthermore, practitioners can use the study findings as a foundation for organization's security activities, and to improve regulations.

The Use Plan of the Effective Computer Simulation Program for Strengthening the Disaster Field Response Strategy

  • Ham, Seung Hee;Park, Namkwun;Yoo, Myong O
    • Journal of the Society of Disaster Information
    • /
    • v.12 no.2
    • /
    • pp.176-180
    • /
    • 2016
  • The full extent of damage depend greatly on the quick and rational decision making by the incident commander soon after the disaster. The decision that everybody should wait by the captain, not to enter into the ship by the first dispatched incident commander, broadcasting failure have brought about a huge loss of life at Sewol cruise ship incident. Thus this study reviews the training and education system supporting the rational crisis decision making performed by the incident commander to cut off the expansion of disaster which is caused by the failure of the incident situation awareness and the decision making described above.

An Exploratory Research on Factors Influence Perceived Compliance Cost and Information Security Awareness in Small and Medium Enterprise (보안정책 준수 비용과 정보보안 중요성 인식 수준에 미치는 요인에 관한 연구: 중소기업을 중심으로)

  • Yim, Myung-Seong
    • Journal of the Korea Convergence Society
    • /
    • v.9 no.9
    • /
    • pp.69-81
    • /
    • 2018
  • The ultimate intention of this research is to identify the factors that have a significant effect on the perceived importance of information security as the antecedent of intention to information security policy compliance. We found that the effectiveness of information security training program did not have statistically significant effect on the perceived cost of policy compliance. Second, the effectiveness of information security policy has significant influence on the perceived cost of policy compliance. Third, perceived vulnerability has a significant effect on the perceived cost of policy compliance. Fourth, perceived cost of policy compliance has a significant effect on perceived importance of information security. Fifth, supervisor's attitude toward information security silence has a significant effect on employee silent behavior towards information security. Sixth, communication opportunities towards information security has a significant influence on employee silent behavior towards information security. Finally, it was shown that employee silent behavior towards information security had a significant influence on the perceived importance of information security.