Joakim Kävrestad
Evaluation of Contextual and Game-Based Training for Phishing Detection
Kävrestad, Joakim; Hagberg, Allex; Nohlberg, Marcus; Rambusch, Jana; Roos, Robert; Furnell, Steven
Authors
Allex Hagberg
Marcus Nohlberg
Jana Rambusch
Robert Roos
STEVEN FURNELL STEVEN.FURNELL@NOTTINGHAM.AC.UK
Professor of Cyber Security
Abstract
Cybersecurity is a pressing matter, and a lot of the responsibility for cybersecurity is put on the individual user. The individual user is expected to engage in secure behavior by selecting good passwords, identifying malicious emails, and more. Typical support for users comes from Information Security Awareness Training (ISAT), which makes the effectiveness of ISAT a key cybersecurity issue. This paper presents an evaluation of how two promising methods for ISAT support users in acheiving secure behavior using a simulated experiment with 41 participants. The methods were game-based training, where users learn by playing a game, and Context-Based Micro-Training (CBMT), where users are presented with short information in a situation where the information is of direct relevance. Participants were asked to identify phishing emails while their behavior was monitored using eye-tracking technique. The research shows that both training methods can support users towards secure behavior and that CBMT does so to a higher degree than game-based training. The research further shows that most participants were susceptible to phishing, even after training, which suggests that training alone is insufficient to make users behave securely. Consequently, future research ideas, where training is combined with other support systems, are proposed.
Citation
Kävrestad, J., Hagberg, A., Nohlberg, M., Rambusch, J., Roos, R., & Furnell, S. (2022). Evaluation of Contextual and Game-Based Training for Phishing Detection. Future Internet, 14(4), Article 104. https://doi.org/10.3390/fi14040104
| Journal Article Type | Article |
|---|---|
| Acceptance Date | Mar 22, 2022 |
| Online Publication Date | Mar 25, 2022 |
| Publication Date | Apr 1, 2022 |
| Deposit Date | Mar 29, 2022 |
| Publicly Available Date | Mar 29, 2022 |
| Journal | Future Internet |
| Electronic ISSN | 1999-5903 |
| Publisher | MDPI AG |
| Peer Reviewed | Peer Reviewed |
| Volume | 14 |
| Issue | 4 |
| Article Number | 104 |
| DOI | https://doi.org/10.3390/fi14040104 |
| Keywords | Computer Networks and Communications |
| Public URL | https://nottingham-repository.worktribe.com/output/7655526 |
| Publisher URL | https://www.mdpi.com/1999-5903/14/4/104 |
Files
Evaluation of Contextual and Game-Based Training
(1.5 Mb)
PDF
Publisher Licence URL
https://creativecommons.org/licenses/by/4.0/
You might also like
Automatically Labeling Cyber Threat Intelligence reports using Natural Language Processing
(2023)
Conference Proceeding
Accessible authentication: Assessing the applicability for users with disabilities
(2021)
Journal Article
Developing a cyber security culture: Current practices and future needs
(2021)
Journal Article
An empirical analysis of the information security culture key factors framework
(2021)
Journal Article
Realising a Push Button Modality for Video-Based Forensics
(2021)
Journal Article
Downloadable Citations
About Repository@Nottingham
Administrator e-mail: digital-library-support@nottingham.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search