In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
European Information Security Multi-Conference (EISMC 2013)
Title: Using Theories and Best Practices to Bridge the Phishing Gap
Author(s): Edwin Donald Frauenstein, Rossouw Von Solms
Keywords: phishing, social engineering, human factors, information security, agency theory, Technology Acceptance Model, COBIT
Abstract: Phishing is a mounting security problem that organisations and users continue to face. Organisations generally apply a single-layer level of defence against information security threats, which includes phishing. This single-layer level of defence is certainly not adequate against modern-day phishing attacks. It is essential for organisations to implement a holistic approach, while considering human factors, organisational aspects and technological controls to combat phishing threats. However, in each of these three elements, weaknesses arise as each is linked by means of human involvement. As a result, this approach creates a gap for successful phishing attacks to potentially compromise these elements. This paper suggests possible linkages to cover the â€˜gaps' between each of these elements. More understanding is necessary on how these linkages can be managed more appropriately. As such, this paper introduces possible theories and best practices which can be used to understand and address each of these linkages and therefore attempts to bridge the phishing gap by strengthening the human element.
Download count: 1388
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.