A model for social engineering awareness program for schools

Authors: Mohammed, S. and Apeh, E.

Journal: SKIMA 2016 - 2016 10th International Conference on Software, Knowledge, Information Management and Applications

Pages: 392-397

ISBN: 9781509032976

DOI: 10.1109/SKIMA.2016.7916253

Abstract:

Advancements in security has over the years of technological growth been mainly focused on providing secured technological infrastructure. The developed security measures and counter-measures have played a major role in reducing the surge of cyber-attacks. However, hackers have continued to exploit vulnerabilities due to the human element to gain access into otherwise secured systems. Risks and potential for exploits are more so in schools where the human vulnerability is enhanced by young impressionable pupils. Social engineering, the art of manipulating people so they give up confidential information, is increasingly the approach of choice for hackers who exploit the human element. Social engineers bypass secured systems in schools by directing targeting and exploiting the human vulnerabilities of school's students and staff. Education through awareness campaigns are typically used in countering the threat from social engineering. Such awareness campaigns tend to however be too holistic in focus to lead to the significant and sustainable change in behaviour required to counter social engineering. This paper presents a model for designing and implementing social engineering awareness programmes aimed at fostering behaviour change in schools. It demonstrates the process of designing a social engineering awareness program to meet all types of learning styles by using different multiple communication methods. Evaluation and continuous reinforcement approaches are also presented. A pilot implementation of our proposed model for social engineering awareness programme shows a significant change in behaviour of school's teaching staff.

Source: Scopus