background
In December 2019, Maastricht University became a victim of a ransomware attack caused by opening two phishing emails. The university paid 200.000 euros in ransom. In December 2020, municipality Hof van Twente becomes also victimised by a ransomware attack. The cause of this attack was the weak and guessable password ‘Welkom2020’. The offenders demanded 750.000 euros in ransom.
A layered security approach can prevent these attacks. Each layer is a hurdle an offender must overcome to be successful. These layers could be a well-configured firewall + secure software + proper encryption + staff who behaves securely. The latter is often encouraged by providing staff with e-learning and awareness programs on information security. These awareness programs typically have a one-size-fits-all approach, where all employees receive the same content. Since people differ in many different aspects, it is naïve to consider staff as homogenous.
The project consists of 2 parts.
1) To obtain insight into the beliefs of staff regarding information security, you will develop an information security awareness survey based on (preferably) the Health Belief Model (HBM). The survey targets different specific areas within the information security domain (e.g. passwords, clean desk, email phishing or work from home). The results per domain and construct are input for building an awareness program that best fits the respondent.
2) Design training materials that target each model’s construct for one specific information security domain. By doing this, the respondent receives a tailored awareness program that best fits their needs.
The project is part of an ongoing joined research project by the LISA-DSM department and the IEBIS research group.
Keywords:
Cybersecurity; Health Belief Model; Intervention; Security Awareness; Tailored;
Interested?
Please contact Jan-Willem Bullee (j.h.bullee@utwente.nl).
Literature
Bullee, J.H., & Junger, M. (2020). How effective are social engineering interventions? A meta-analysis. Information & Computer Security, 28(5), 801-830. doi:10.1108/ics-07-2019-0078
Carpenter, C. J. (2010). A Meta-Analysis of the Effectiveness of Health Belief Model Variables in Predicting Behavior. Health Communication, 25(8), 661–669. doi:10.1080/10410236.2010.521906
Geil, A., Sagers, G., Spaulding, A. D., & Wolf, J. R. (2018). Cyber security on the farm: an assessment of cyber security practices in the United States agriculture industry. International Food and Agribusiness Management Review, 21(3), 317–334. doi:10.22434/ifamr2017.0045