Here you will find scientific publications from the Fraunhofer Institutes.

Generalizing the phishing principle: Analyzing user behavior in response to controlled stimuli for IT security awareness assessment

Sykosch, A.; Doll, C.; Wübbeling, M.; Meier, M.


Volkamer, M. ; Association for Computing Machinery -ACM-:
ARES 2020, 15th International Conference on Availability, Reliability and Security : August 25 - August 28, 2020, All-digital Conference
New York: ACM, 2020
ISBN: 978-1-4503-8833-7
Art. 88, 10 pp.
International Conference on Availability, Reliability and Security (ARES) <15, 2020, Online>
Conference Paper
Fraunhofer FKIE

Capturing behavioral data to assess users' IT security awareness is state of the art. However, recording the click rate on a company-wide phishing test for IT security awareness measurement does not suffice. Perceivable artifacts that the user might be exposed to during an attack are manifold. We introduce a framework that allows capturing users' responses to such artifacts similar to phishing tests. A field study among 259 users shows that the expected effect of a well-established IT security awareness intervention can be demonstrated using arbitrary artifacts. It also shows that this intervention may impair the probability of a user reporting the sighting of an artifact and therefore impair an organization's capability to detect such events and possibly decrease overall security.