Advisor

Testing Assumptions About Security Awareness

Posted December 6, 2011

It's clear that our once-a-year, work-your-way-through-a-slide-set approach to computer security training doesn't work. Even with this training, people still write down their passwords, click on links in emails from untrusted sources, and download free software with unknown provenance. For example, last year, 10,000 New York State employees were sent a phishing email to test their ability to recognize suspicious email and links. Three-quarters of the recipients opened the email, and 17% clicked on the embedded link.

About The Author
Shari Pfleeger
Shari Lawrence Pfleeger is Director of Research for the Institute for Information Infrastructure Protection (I3P), a consortium of 27 US universities, national laboratories, and nonprofit research institutions examining critical problems in cyber security, dependability, safety, and reliability. Dr. Pfleeger's work examines how technology supports business and government goals. Her many articles and books include Security in Computing (with…