Scaling the Phish: Advancing the NIST Phish Scale
| Field | Value |
| --- | --- |
| Author: | Shaneé Dawkins, Jody Jacobs, Fern Barrientos |
| Year of publication: | 2021 |
| Subject: | Computer science; business.industry; InformationSystems_INFORMATIONSYSTEMSAPPLICATIONS; Usability; Information security; Computer security; computer.software_genre; Phishing; Test (assessment); ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS; Scale (social sciences); ComputingMilieux_COMPUTERSANDSOCIETY; NIST; business; computer |
| Source: | HCI International 2021 - Posters, ISBN: 9783030786410, HCI (38) |
| DOI: | 10.1007/978-3-030-78642-7_52 |
| Abstract: | Organizations use phishing training exercises to help employees defend against the phishing threats that get through automatic email filters, reducing the potential compromise of information security and privacy for both the individual and their organization. These exercises use fake but realistic phishing emails to test employees' ability to detect the phish, producing click rates that the organization can then use to inform and adjust its cybersecurity training programs. However, click rates alone cannot provide a holistic picture of why employees do or do not fall for phishing emails. To this end, the National Institute of Standards and Technology (NIST) created the Phish Scale, a methodology for determining how difficult a phishing email is to detect [1]. Recent research on the Phish Scale has focused on improving the robustness of the method. This paper presents initial results of the ongoing development of the Phish Scale, including work toward the repeatability and validity of the Phish Scale using operational phishing training exercise data. Also highlighted are the ongoing efforts to minimize the ambiguities and subjectivity of the Phish Scale, as well as the design of a study aimed at gauging the usability of the scale via testing with phishing training exercise implementers. |
| Database: | OpenAIRE |
| External link: | |