The role of employees' information security awareness on the intention to resist social engineering

Tanja Grassegger, Dietmar Nedbal

Publikation: Beitrag in FachzeitschriftKonferenzartikelBegutachtung

27 Zitate (Scopus)


Social engineering is a form of attack trying to manipulate employees to make them disclose confidential information or perform actions that threatens the security of organizations. The goal of this paper is to study both individual and organizational factors that affect information security awareness of employees and how this leads to intention to resist social engineering attacks. The proposed research model is validated using survey data of 136 employees. The empirical results suggest that leadership and the tendency toward risky behavior are influencing information security awareness of employees. Information security awareness was confirmed as a central factor for information security, whereby the promotion of awareness for information security is indicated as an important aspect to protect a company from potential attacks. The impact of information security awareness on attitude, perceived behavior control and subjective norm in addition to the indirect effect on the intention to resist social engineering, underline the importance of this factor.

Seiten (von - bis)59-66
FachzeitschriftProcedia Computer Science
PublikationsstatusVeröffentlicht - 2021
Veranstaltung2020 International Conference on ENTERprise Information Systems - International Conference on Project MANagement and International Conference on Health and Social Care Information Systems and Technologies, CENTERIS/ProjMAN/HCist 2020 - Vilamoura, Portugal
Dauer: 21 Okt. 202023 Okt. 2020


Untersuchen Sie die Forschungsthemen von „The role of employees' information security awareness on the intention to resist social engineering“. Zusammen bilden sie einen einzigartigen Fingerprint.