@inproceedings{5a65700b2e5f496dbc75e583fc655377,
title = "Evaluating the Information Security Awareness of Smartphone Users",
abstract = "Information security awareness (ISA) is a practice focused on the set of skills which help a user successfully mitigate social engineering (SE) attacks. Evaluating the ISA of users is crucial, since early identification of users who are more vulnerable to SE attacks improves system security. Previous studies for evaluating the ISA of smartphone users rely on subjective data sources (questionnaires) and do not address the differences between classes of SE attacks. This paper presents a framework for evaluating the ISA of smartphone users for specific attack classes. In addition to questionnaires, we utilize objective data sources: A mobile agent, a network traffic monitor, and cybersecurity challenges. We evaluated the framework by conducting a long-term user study involving 162 users. The results show that: The self-reported behavior of users differs significantly from their actual behavior and the ISA level derived from the actual behavior of users is highly correlated with their ability to mitigate SE attacks.",
keywords = "human factors, information security awareness, mobile devices, social engineering",
author = "Ron Bitton and Kobi Boymgold and Rami Puzis and Asaf Shabtai",
note = "Publisher Copyright: {\textcopyright} 2020 ACM.; 2020 ACM CHI Conference on Human Factors in Computing Systems, CHI 2020 ; Conference date: 25-04-2020 Through 30-04-2020",
year = "2020",
month = apr,
day = "21",
doi = "https://doi.org/10.1145/3313831.3376385",
language = "American English",
series = "Conference on Human Factors in Computing Systems - Proceedings",
booktitle = "CHI 2020 - Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems",
}