The role of employee information security awareness in preventing social engineering Attacks [Case example: Tehran Municipality employees]

Document Type : Original Article

Authors

1 Islamic azad university Research and sciences faculty

2 Member of the Faculty of Islamic Azad University, Tehran Branch

Abstract

Social engineering is a form of attack that seeks to trick employees into revealing their confidential information or performing actions on their behalf that threaten the security of the organization. The purpose of this article is to study the organizational and individual factors that influence employees' information security awareness and how this prevents social engineering attacks. This research was conducted on 1322 employees of Tehran Municipality. Awareness of information security was confirmed as one of the main factors in ensuring information security and raising the level of information security awareness as an important factor in protecting the organization against possible attacks. The theory of rational action and its expanded theory, i.e. the theory of planned behavior, were used in this study. 12 hypotheses were designed based on the opinions of experts and previous research, and the survey showed that six of the hypotheses were confirmed, three of them were partially confirmed, and three of them were rejected. The results of the research showed that information security policies, security awareness, training and skill enhancement programs and the effect of awareness on the insight and motivation of employees and the effect of perceptual behavior control on the motivation of employees in dealing with social engineering have significant effects in preventing the occurrence of social engineering. . The relationship between leadership, trust and risky behaviors with information security awareness was also measured and a weak relationship was found between them.

Keywords

Main Subjects


Volume 12, Issue 3 - Serial Number 47
number 47, Autmn 2024
November 2024
  • Receive Date: 16 May 2024
  • Revise Date: 30 August 2024
  • Accept Date: 02 October 2024
  • Publish Date: 22 October 2024