Abstract : The importance of addressing the human aspect in information security has grown over the past few years. One of the most frequent techniques used to obtain private or confidential information from humans is phishing. One way to combat these phishing scams is to have proper security awareness programs in place. In order to enhance the awareness and educational value of information security awareness programs, it is suggested that an organisational learning model, characterised by so called single-loop and double-loop learning, be considered. This paper describes a practical phishing experiment that was conducted at a large organisation and shows how a learning process was initiated and how security incidents such as phishing can be used successfully for both single and double-loop learning.
Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.379-390, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_28〉
https://hal.inria.fr/hal-01463839
Contributeur : Hal Ifip
<>
Soumis le : jeudi 9 février 2017 - 17:24:15
Dernière modification le : jeudi 9 février 2017 - 17:37:19
Document(s) archivé(s) le : mercredi 10 mai 2017 - 14:53:34
Wayne Kearney, Hennie Kruger. Phishing and Organisational Learning. Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.379-390, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_28〉. 〈hal-01463839〉
