Assessing the information security awareness (ISA) of users is crucial for protecting systems and organizations from social engineering attacks. Current methods do not consider the context of use when assessing users’ ISA, and therefore they cannot accurately reflect users’ actual behavior, which often depends on that context. In this study, we propose a novel context-based, data-driven, approach for assessing the ISA of users. In this approach, different behavioral and contextual factors, such as spatio-temporal information and browsing habits, are used to assess users’ ISA. Since defining each context explicitly is impractical for a large context space, we utilize a deep neural network to represent users’ contexts implicitly from contextual factors. We evaluate our approach empirically using a real- world dataset of users’ activities collected from 120 smartphone users. The results show that the proposed method and context information improve ISA assessment accuracy significantly.
Critical success factors for security education, training and awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world....