The role of employees' information security awareness on the intention to resist social engineering

Tanja Grassegger, Dietmar Nedbal

Research output: Contribution to journalConference articlepeer-review

Abstract

Social engineering is a form of attack trying to manipulate employees to make them disclose confidential information or perform actions that threatens the security of organizations. The goal of this paper is to study both individual and organizational factors that affect information security awareness of employees and how this leads to intention to resist social engineering attacks. The proposed research model is validated using survey data of 136 employees. The empirical results suggest that leadership and the tendency toward risky behavior are influencing information security awareness of employees. Information security awareness was confirmed as a central factor for information security, whereby the promotion of awareness for information security is indicated as an important aspect to protect a company from potential attacks. The impact of information security awareness on attitude, perceived behavior control and subjective norm in addition to the indirect effect on the intention to resist social engineering, underline the importance of this factor.

Keywords

  • Information security
  • Information security awareness
  • Social engineering
  • Theory of planned behavior

Fingerprint Dive into the research topics of 'The role of employees' information security awareness on the intention to resist social engineering'. Together they form a unique fingerprint.

Cite this