3 research outputs found

    The Design and Evaluation of an Interactive Social Engineering Training Programme

    Social engineering is a major issue affecting organisational security. Educating employees on how to avoid social engineering attacks is important because social engineering tries to penetrate an organisation by using employees to grant authorized access to sensitive information. While there are a number of theoretical studies about social engineering, a few practical studies have moved towards educating and training employees on how to spot such attacks. In this research, we emphasise the importance of educating employees to make them more resilient to these kinds of attacks. We developed an educational video encapsulated within a Social Engineering Training Programme. This is essentially an interactive training video during which the learner interacts with three different scenarios; educational content, a knowledge-check, and a web page containing the latest news about current social engineering attacks. The training programme was evaluated in a Saudi trading company with 24 employees. The evaluation showed that the programme delivered a positive impact in terms of awareness, as tested by a post-training qui

    Design and evaluation of graphical authentication systems for Arab children

    The increasing use of digital technologies by all ages means the number of online accounts used by children is also increasing. The COVID-19 pandemic further increased this situation with children staying at home to do schooling and communicate with friends online. It is thus urgent to investigate authentication systems for this age group. Text passwords are still the most used authentication systems, however children have a range of problems with them. Unfortunately, little research has investigated suitable authentication systems for children. The aim of this programme of research is to bridge this gap by investigating the usability of graphical authentication systems for children. The research is divided into three phases, each consisting of one or more studies that provide insight for the next phase. Phase 1 focuses on understanding and exploring password knowledge and practices of children who are native speakers of Arabic. This phase revealed a number of challenges for Arabic children with text passwords, due to their level of cognitive development and lack of literacy in the English language. In Phase 2 two graphical authentication systems, DoodlePass and ObjectPass, were designed and evaluated based on three usability aspects: effectiveness, efficiency, and satisfaction. The findings showed that both these systems are effective, efficient, and satisfying for Arab children aged 6 to 12 years, and promising alternatives for text passwords. Phase 3 compared the DoodlePass and ObjectPass authentication systems. The findings showed that ObjectPass is significantly more effective, efficient, and satisfying compared with DoodlePass. Both qualitative and quantitative analysis of the data were undertaken at all stages of the research. Overall, the findings suggest that graphical authentication systems are usable and promising alternatives for text passwords to overcome literacy and memorability challenges for children in the 6 to 12 years age group

    The Design and Evaluation of an Interactive Social Engineering Training Programme

    Social engineering is a major issue affecting organisational security. Educating employees on how to avoid social engineering attacks is important because social engineering tries to penetrate an organisation by using employees to grant authorized access to sensitive information. While there are a number of theoretical studies about social engineering, a few practical studies have moved towards educating and training employees on how to spot such attacks. In this research, we emphasise the importance of educating employees to make them more resilient to these kinds of attacks. We developed an educational video encapsulated within a Social Engineering Training Programme. This is essentially an interactive training video during which the learner interacts with three different scenarios; educational content, a knowledge-check, and a web page containing the latest news about current social engineering attacks. The training programme was evaluated in a Saudi trading company with 24 employees. The evaluation showed that the programme delivered a positive impact in terms of awareness, as tested by a post-training qui