1
Islamic azad university Research and sciences faculty
2
Member of the Faculty of Islamic Azad University, Tehran Branch
Abstract
Social engineering is a form of attack that seeks to trick employees into revealing their confidential information or performing actions on their behalf that threaten the security of the organization. The purpose of this article is to study the organizational and individual factors that influence employees' information security awareness and how this prevents social engineering attacks. This research was conducted on 1322 employees of Tehran Municipality. Awareness of information security was confirmed as one of the main factors in ensuring information security and raising the level of information security awareness as an important factor in protecting the organization against possible attacks. The theory of rational action and its expanded theory, i.e. the theory of planned behavior, were used in this study. 12 hypotheses were designed based on the opinions of experts and previous research, and the survey showed that six of the hypotheses were confirmed, three of them were partially confirmed, and three of them were rejected. The results of the research showed that information security policies, security awareness, training and skill enhancement programs and the effect of awareness on the insight and motivation of employees and the effect of perceptual behavior control on the motivation of employees in dealing with social engineering have significant effects in preventing the occurrence of social engineering. . The relationship between leadership, trust and risky behaviors with information security awareness was also measured and a weak relationship was found between them.
Hoseini, S., & majidighahroodi, N. (2024). The role of employee information security awareness in preventing social engineering Attacks
[Case example: Tehran Municipality employees]. Electronic and Cyber Defense, 12(3), -.
MLA
Seyyedhasan Hoseini; nassim majidighahroodi. "The role of employee information security awareness in preventing social engineering Attacks
[Case example: Tehran Municipality employees]". Electronic and Cyber Defense, 12, 3, 2024, -.
HARVARD
Hoseini, S., majidighahroodi, N. (2024). 'The role of employee information security awareness in preventing social engineering Attacks
[Case example: Tehran Municipality employees]', Electronic and Cyber Defense, 12(3), pp. -.
VANCOUVER
Hoseini, S., majidighahroodi, N. The role of employee information security awareness in preventing social engineering Attacks
[Case example: Tehran Municipality employees]. Electronic and Cyber Defense, 2024; 12(3): -.
)