메뉴 건너뛰기




Volumn , Issue , 2008, Pages

Lessons from a real world evaluation of anti-phishing training

Author keywords

Design; Embedded training; Experimentation; Human factors; Real world studies; Security

Indexed keywords

EMBEDDED TRAINING; EXPERIMENTATION; HUMAN FACTORS; REAL WORLD STUDIES; SECURITY;

EID: 67249151917     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ECRIME.2008.4696970     Document Type: Conference Paper
Times cited : (81)

References (33)
  • 1
    • 78349295489 scopus 로고
    • Social engineering: A means to violate a computer system
    • Tech. rep, SANS Institute
    • Allen, M. 1993. Social engineering: A means to violate a computer system. Tech. rep., SANS Institute, 2006.
    • (1993)
    • Allen, M.1
  • 4
    • 84936628790 scopus 로고
    • Social contagion and innovation: Cohesion versus structural equivalence
    • Burt, R. S. 1987. Social contagion and innovation: Cohesion versus structural equivalence. The American Journal of Sociology, 92, 6, 1287-1335.
    • (1987) The American Journal of Sociology , vol.92 , Issue.6 , pp. 1287-1335
    • Burt, R.S.1
  • 6
    • 33745816410 scopus 로고    scopus 로고
    • Dhamija, R., Tygar, J. D., and Hearst, M. 2006. Why phishing works. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Montréal, Québec, Canada, April 22-27, 2006). R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and G. Olson, Eds. CHI '06. ACM Press, New York, NY, 581-590. DOI= http://doi.acm.org/10.1145/1124772.1124861.
    • Dhamija, R., Tygar, J. D., and Hearst, M. 2006. Why phishing works. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Montréal, Québec, Canada, April 22-27, 2006). R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and G. Olson, Eds. CHI '06. ACM Press, New York, NY, 581-590. DOI= http://doi.acm.org/10.1145/1124772.1124861.
  • 7
    • 34250737359 scopus 로고    scopus 로고
    • Downs, J. S., Holbrook, M. B., and Cranor, L. F. 2006. Decision strategies and susceptibility to phishing. In Proceedings of the Second Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, July 12-14, 2006). SOUPS '06, 149. ACM Press, New York, NY, 79-90. DOI= http://doi.acm.org/10.1145/1143120.1143131.
    • Downs, J. S., Holbrook, M. B., and Cranor, L. F. 2006. Decision strategies and susceptibility to phishing. In Proceedings of the Second Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, July 12-14, 2006). SOUPS '06, vol. 149. ACM Press, New York, NY, 79-90. DOI= http://doi.acm.org/10.1145/1143120.1143131.
  • 8
    • 35348858087 scopus 로고    scopus 로고
    • Retrieved December 30, 2006
    • eBay. Spoof Email Tutorial. Retrieved December 30, 2006. http://pages.ebay.com/education/spooftutorial/
    • Spoof Email Tutorial
  • 9
    • 77954011747 scopus 로고    scopus 로고
    • Retrieved December 30, 2006
    • Federal Trade Commission. An E-Card for You game. Retrieved December 30, 2006. http://www.ftc.gov/bcp/conline/ecards/phishing/index.html.
    • An E-Card for You game
  • 10
    • 84857633606 scopus 로고    scopus 로고
    • Retrieved December 30, 2006
    • Federal Trade Commission. Phishing Alerts. Retrieved December 30, 2006. http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm
    • Phishing Alerts
  • 11
    • 35348822468 scopus 로고    scopus 로고
    • Fostering E-Mail Security Awareness: The West Point Carronade
    • Retrieved March 22, 2006
    • Ferguson, A. J. 2005. Fostering E-Mail Security Awareness: The West Point Carronade. EDUCASE Quarterly, 1. Retrieved March 22, 2006, http://www.educause. edu/ir/library/pdf/eqm0517.pdf.
    • (2005) EDUCASE Quarterly , vol.1
    • Ferguson, A.J.1
  • 13
    • 67249143753 scopus 로고    scopus 로고
    • ISO. 2005. ISO/IEC 27001:2005 - Information technology - Security techniques - Information security management Systems - Requirements. Tech. rep., International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), October 2005.
    • ISO. 2005. ISO/IEC 27001:2005 - Information technology - Security techniques - Information security management Systems - Requirements. Tech. rep., International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), October 2005.
  • 14
    • 77952351130 scopus 로고    scopus 로고
    • An evaluation of extended validation and picture-in-picture phishing attacks
    • Jackson, C., Simon, D., Tan, D., and Barth, A. 2007. An evaluation of extended validation and picture-in-picture phishing attacks. In Usable Security (USEC'07). http://usablesecurity.org/papers/jackson.pdf.
    • (2007) Usable Security (USEC'07)
    • Jackson, C.1    Simon, D.2    Tan, D.3    Barth, A.4
  • 15
    • 34848911641 scopus 로고    scopus 로고
    • Jagatic, T., Johnson, N., Jakobsson, M., and Menczer, F. Social phishing. 2007. Communications of the ACM 50, 10, 94-100. Retrieved March 7, 2006, http://www.indiana.edu/phishing/social-network-experiment/phishing-preprint.pdf.
    • Jagatic, T., Johnson, N., Jakobsson, M., and Menczer, F. Social phishing. 2007. Communications of the ACM 50, 10, 94-100. Retrieved March 7, 2006, http://www.indiana.edu/phishing/social-network-experiment/phishing-preprint.pdf.
  • 18
    • 67249159059 scopus 로고    scopus 로고
    • Kumaraguru, P., Acquisti, A., and Cranor, L. 2006. Trust modeling for online transactions: A phishing scenario. In Privacy Security Trust. http://www.cs.cmu.edu/onguru/pk-aa-lc-pst-2006.pdf.
    • Kumaraguru, P., Acquisti, A., and Cranor, L. 2006. Trust modeling for online transactions: A phishing scenario. In Privacy Security Trust. http://www.cs.cmu.edu/onguru/pk-aa-lc-pst-2006.pdf.
  • 19
    • 67249153774 scopus 로고    scopus 로고
    • Kumaraguru, P., Sheng, S., Acquisti, A., Cranor, L. F., and Hong, J. 2007. Teaching johnny not to fall for phish. Tech. rep., Cranegie Mellon University. http://www.cylab.cmu.edu/files/cmucylab07003.pdf.
    • Kumaraguru, P., Sheng, S., Acquisti, A., Cranor, L. F., and Hong, J. 2007. Teaching johnny not to fall for phish. Tech. rep., Cranegie Mellon University. http://www.cylab.cmu.edu/files/cmucylab07003.pdf.
  • 20
    • 67249105612 scopus 로고    scopus 로고
    • Kumaraguru, P., Y. Rhee, A. Acquisti, L. Cranor, J. Hong, and E. Nunge. 2007. In Proceedings of CHI 2007. Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System.
    • Kumaraguru, P., Y. Rhee, A. Acquisti, L. Cranor, J. Hong, and E. Nunge. 2007. In Proceedings of CHI 2007. Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System.
  • 21
    • 77953876778 scopus 로고    scopus 로고
    • Getting users to pay attention to anti-phishing education: Evaluation of retention and transfer
    • Anti-Phishing Working Group
    • Kumaraguru, P., Rhee, Y., Sheng, S., Hasan, S., Acquisti, A., Cranor, L. F., and Hong, J. 2007. Getting users to pay attention to anti-phishing education: Evaluation of retention and transfer. e-Crime Researchers Summit, Anti-Phishing Working Group.
    • (2007) e-Crime Researchers Summit
    • Kumaraguru, P.1    Rhee, Y.2    Sheng, S.3    Hasan, S.4    Acquisti, A.5    Cranor, L.F.6    Hong, J.7
  • 23
    • 84868967097 scopus 로고    scopus 로고
    • Sept 20
    • Mail Frontier. Phishing IQ. Retrieved Sept 20, 2006. http://survey. mailfrontier.com/survey/quiztest.html.
    • (2006)
    • Frontier, M.1    Retrieved, P.I.Q.2
  • 25
    • 6744258985 scopus 로고    scopus 로고
    • Information technology security training requirements: A role- and performance-based model
    • NIST, Tech. rep, National Institute of Standards and Technology
    • NIST. 1998. Information technology security training requirements: A role- and performance-based model (800-16). Tech. rep., National Institute of Standards and Technology.
    • (1998)
  • 26
    • 36949007348 scopus 로고    scopus 로고
    • NIST special publication 800-12: An introduction to computer security - the NIST handbook
    • NIST, Tech. rep, National Institute of Standards and Technology
    • NIST. 2004. NIST special publication 800-12: An introduction to computer security - the NIST handbook. Tech. rep., National Institute of Standards and Technology.
    • (2004)
  • 29
    • 67249121252 scopus 로고    scopus 로고
    • Worked examples and tutored problem solving: Redundant or synergistic forms of support? In Annual Meeting of the Cognitive
    • In press
    • Salden, R., Aleven, V., Renkl, A., and Schwonke, R. 2008. Worked examples and tutored problem solving: redundant or synergistic forms of support? In Annual Meeting of the Cognitive Science Society. In press.
    • (2008) Science Society
    • Salden, R.1    Aleven, V.2    Renkl, A.3    Schwonke, R.4
  • 31
    • 36849073159 scopus 로고    scopus 로고
    • Sheng, S., Magnien, B., Kumaraguru, P., Acquisti, A., Cranor, L. F., Hong, J., and Nunge, E. 2007. Anti-phishing Phil: The design and evaluation of a game that teaches people not to fall for phish. In SOUPS '07: Proceedings of the 3rd symposium on Usable privacy and security (New York, NY, USA, March 2007), ACM, pp. 88-99. Symposium On Usable Privacy and Security. DOI=http://doi.acm.org/10.1145/1280680.1280692.
    • Sheng, S., Magnien, B., Kumaraguru, P., Acquisti, A., Cranor, L. F., Hong, J., and Nunge, E. 2007. Anti-phishing Phil: The design and evaluation of a game that teaches people not to fall for phish. In SOUPS '07: Proceedings of the 3rd symposium on Usable privacy and security (New York, NY, USA, March 2007), ACM, pp. 88-99. Symposium On Usable Privacy and Security. DOI=http://doi.acm.org/10.1145/1280680.1280692.
  • 32
    • 84868971623 scopus 로고    scopus 로고
    • Using cartoons to teach security
    • Tech. rep, DIMACS, 2007. Retrieved April 1
    • Srikwan, S., and Jakobsson, M. Using cartoons to teach security. Tech. rep., DIMACS, 2007. Retrieved April 1, 2008, http://www.informatics.indiana.edu/ markus/documents/security-education.pdf.
    • (2008)
    • Srikwan, S.1    Jakobsson, M.2
  • 33
    • 67249110643 scopus 로고    scopus 로고
    • Information Systems Security Association Journal
    • Timko, D. 2008. The social engineering threat. Information Systems Security Association Journal.
    • (2008) The social engineering threat
    • Timko, D.1


* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.