Information leakage preventive training

Norhafizah Abu Bakar, Masnizah Mohd, Rossilawati Sulaiman

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Phishing is an attempt to obtain private/confidential information such as usernames, passwords, and financial details. It is often for malicious reasons by disguising as a trustworthy entity in an electronic communication such as email. The chances of obtaining confidential or personal information are higher when website medium combined with email medium in launching phishing attacks. Universiti Kebangsaan Malaysia (UKM) has experienced phishing emails attacks in 2016. Besides technology that focuses on email security, the safety awareness program that meant to provide education to the users especially UKM staffs needs to be enhanced to reduce the risk of thievery on personal data, university confidential information and research data. The simulation approach in a real environment can provide a true picture to the staffs about the serious impact of phishing attacks. The objectives of the simulation are to measure and to educate UKM staffs on the security awareness. We designed a spear phishing simulation procedure with collaboration between the Faculty of Information Science and Technology (FTSM), Information Technology Center, Bursary Department and Department of Registrar, UKM. The simulation was conducted from 11-13 January 2017 with 553 email addresses were identified from five different faculties. There were 209 respondents (38%) who have entered their official ids (captured) and password (not captured). The differences in the number of respondents between science and technology (S&T) faculties and non-S&T faculties indicated the security awareness is in the worrying level. A high percentage of responses among the management and professional group can also be classified as being in an alarming rate. This simulation is the first practice in UKM and it helps to increase awareness and provide education about cyber security.

Original languageEnglish
Title of host publicationProceedings of the 2017 6th International Conference on Electrical Engineering and Informatics
Subtitle of host publicationSustainable Society Through Digital Innovation, ICEEI 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1-6
Number of pages6
Volume2017-November
ISBN (Electronic)9781538604755
DOIs
Publication statusPublished - 9 Mar 2018
Event6th International Conference on Electrical Engineering and Informatics, ICEEI 2017 - Langkawi, Malaysia
Duration: 25 Nov 201727 Nov 2017

Other

Other6th International Conference on Electrical Engineering and Informatics, ICEEI 2017
CountryMalaysia
CityLangkawi
Period25/11/1727/11/17

Fingerprint

Malaysia
Electronic mail
Electronic Mail
Leakage
Technology
Confidentiality
Password
Attack
Simulation
Information technology
Education
Information Science
Computer Security
Information Centers
Data privacy
Private Information
Information science
Launching
Information Technology
Percentage

Keywords

  • security awareness
  • simulation
  • spear phishing

ASJC Scopus subject areas

  • Artificial Intelligence
  • Control and Optimization
  • Computer Networks and Communications
  • Computer Vision and Pattern Recognition
  • Information Systems
  • Software
  • Electrical and Electronic Engineering
  • Health Informatics

Cite this

Bakar, N. A., Mohd, M., & Sulaiman, R. (2018). Information leakage preventive training. In Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics: Sustainable Society Through Digital Innovation, ICEEI 2017 (Vol. 2017-November, pp. 1-6). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICEEI.2017.8312403

Information leakage preventive training. / Bakar, Norhafizah Abu; Mohd, Masnizah; Sulaiman, Rossilawati.

Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics: Sustainable Society Through Digital Innovation, ICEEI 2017. Vol. 2017-November Institute of Electrical and Electronics Engineers Inc., 2018. p. 1-6.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Bakar, NA, Mohd, M & Sulaiman, R 2018, Information leakage preventive training. in Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics: Sustainable Society Through Digital Innovation, ICEEI 2017. vol. 2017-November, Institute of Electrical and Electronics Engineers Inc., pp. 1-6, 6th International Conference on Electrical Engineering and Informatics, ICEEI 2017, Langkawi, Malaysia, 25/11/17. https://doi.org/10.1109/ICEEI.2017.8312403
Bakar NA, Mohd M, Sulaiman R. Information leakage preventive training. In Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics: Sustainable Society Through Digital Innovation, ICEEI 2017. Vol. 2017-November. Institute of Electrical and Electronics Engineers Inc. 2018. p. 1-6 https://doi.org/10.1109/ICEEI.2017.8312403
Bakar, Norhafizah Abu ; Mohd, Masnizah ; Sulaiman, Rossilawati. / Information leakage preventive training. Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics: Sustainable Society Through Digital Innovation, ICEEI 2017. Vol. 2017-November Institute of Electrical and Electronics Engineers Inc., 2018. pp. 1-6
@inproceedings{f3b71e12cd6c4160b39272d0bea40405,
title = "Information leakage preventive training",
abstract = "Phishing is an attempt to obtain private/confidential information such as usernames, passwords, and financial details. It is often for malicious reasons by disguising as a trustworthy entity in an electronic communication such as email. The chances of obtaining confidential or personal information are higher when website medium combined with email medium in launching phishing attacks. Universiti Kebangsaan Malaysia (UKM) has experienced phishing emails attacks in 2016. Besides technology that focuses on email security, the safety awareness program that meant to provide education to the users especially UKM staffs needs to be enhanced to reduce the risk of thievery on personal data, university confidential information and research data. The simulation approach in a real environment can provide a true picture to the staffs about the serious impact of phishing attacks. The objectives of the simulation are to measure and to educate UKM staffs on the security awareness. We designed a spear phishing simulation procedure with collaboration between the Faculty of Information Science and Technology (FTSM), Information Technology Center, Bursary Department and Department of Registrar, UKM. The simulation was conducted from 11-13 January 2017 with 553 email addresses were identified from five different faculties. There were 209 respondents (38{\%}) who have entered their official ids (captured) and password (not captured). The differences in the number of respondents between science and technology (S&T) faculties and non-S&T faculties indicated the security awareness is in the worrying level. A high percentage of responses among the management and professional group can also be classified as being in an alarming rate. This simulation is the first practice in UKM and it helps to increase awareness and provide education about cyber security.",
keywords = "security awareness, simulation, spear phishing",
author = "Bakar, {Norhafizah Abu} and Masnizah Mohd and Rossilawati Sulaiman",
year = "2018",
month = "3",
day = "9",
doi = "10.1109/ICEEI.2017.8312403",
language = "English",
volume = "2017-November",
pages = "1--6",
booktitle = "Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN

T1 - Information leakage preventive training

AU - Bakar, Norhafizah Abu

AU - Mohd, Masnizah

AU - Sulaiman, Rossilawati

PY - 2018/3/9

Y1 - 2018/3/9

N2 - Phishing is an attempt to obtain private/confidential information such as usernames, passwords, and financial details. It is often for malicious reasons by disguising as a trustworthy entity in an electronic communication such as email. The chances of obtaining confidential or personal information are higher when website medium combined with email medium in launching phishing attacks. Universiti Kebangsaan Malaysia (UKM) has experienced phishing emails attacks in 2016. Besides technology that focuses on email security, the safety awareness program that meant to provide education to the users especially UKM staffs needs to be enhanced to reduce the risk of thievery on personal data, university confidential information and research data. The simulation approach in a real environment can provide a true picture to the staffs about the serious impact of phishing attacks. The objectives of the simulation are to measure and to educate UKM staffs on the security awareness. We designed a spear phishing simulation procedure with collaboration between the Faculty of Information Science and Technology (FTSM), Information Technology Center, Bursary Department and Department of Registrar, UKM. The simulation was conducted from 11-13 January 2017 with 553 email addresses were identified from five different faculties. There were 209 respondents (38%) who have entered their official ids (captured) and password (not captured). The differences in the number of respondents between science and technology (S&T) faculties and non-S&T faculties indicated the security awareness is in the worrying level. A high percentage of responses among the management and professional group can also be classified as being in an alarming rate. This simulation is the first practice in UKM and it helps to increase awareness and provide education about cyber security.

AB - Phishing is an attempt to obtain private/confidential information such as usernames, passwords, and financial details. It is often for malicious reasons by disguising as a trustworthy entity in an electronic communication such as email. The chances of obtaining confidential or personal information are higher when website medium combined with email medium in launching phishing attacks. Universiti Kebangsaan Malaysia (UKM) has experienced phishing emails attacks in 2016. Besides technology that focuses on email security, the safety awareness program that meant to provide education to the users especially UKM staffs needs to be enhanced to reduce the risk of thievery on personal data, university confidential information and research data. The simulation approach in a real environment can provide a true picture to the staffs about the serious impact of phishing attacks. The objectives of the simulation are to measure and to educate UKM staffs on the security awareness. We designed a spear phishing simulation procedure with collaboration between the Faculty of Information Science and Technology (FTSM), Information Technology Center, Bursary Department and Department of Registrar, UKM. The simulation was conducted from 11-13 January 2017 with 553 email addresses were identified from five different faculties. There were 209 respondents (38%) who have entered their official ids (captured) and password (not captured). The differences in the number of respondents between science and technology (S&T) faculties and non-S&T faculties indicated the security awareness is in the worrying level. A high percentage of responses among the management and professional group can also be classified as being in an alarming rate. This simulation is the first practice in UKM and it helps to increase awareness and provide education about cyber security.

KW - security awareness

KW - simulation

KW - spear phishing

UR - http://www.scopus.com/inward/record.url?scp=85050759597&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85050759597&partnerID=8YFLogxK

U2 - 10.1109/ICEEI.2017.8312403

DO - 10.1109/ICEEI.2017.8312403

M3 - Conference contribution

AN - SCOPUS:85050759597

VL - 2017-November

SP - 1

EP - 6

BT - Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics

PB - Institute of Electrical and Electronics Engineers Inc.

ER -