Abstract : Ever more processes of our daily lives are shifting into the digital realm. Consequently, users face a variety of IT-security threats with possibly severe ramifications. It has been shown that technical measures alone are insufficient to counter all threats. For instance, it takes technical measures on average 32 h before identifying and blocking phishing websites. Therefore, teaching users how to identify malicious websites is of utmost importance, if they are to be protected at all times. A number of ways to deliver the necessary knowledge to users exist. Among the most broadly used are instructor-based, computer-based and text-based training. We compare all three formats in the security context, or to be more precise in the context of anti-phishing training.
https://hal.inria.fr/hal-01369549 Contributor : Hal IfipConnect in order to contact the contributor Submitted on : Wednesday, September 21, 2016 - 10:54:46 AM Last modification on : Wednesday, September 21, 2016 - 11:39:29 AM Long-term archiving on: : Thursday, December 22, 2016 - 12:46:31 PM
Simon Stockhardt, Benjamin Reinheimer, Melanie Volkamer, Peter Mayer, Alexandra Kunz, et al.. Teaching Phishing-Security: Which Way is Best?. 31st IFIP International Information Security and Privacy Conference (SEC), May 2016, Ghent, Belgium. pp.135-149, ⟨10.1007/978-3-319-33630-5_10⟩. ⟨hal-01369549⟩