Merging Policy and Practice: Crafting Effective Social Engineering Awareness-Raising Policies

Eliana Stavrou; Andriani Piki; Panayiotis Varnava

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

Merging Policy and Practice: Crafting Effective Social Engineering Awareness-Raising Policies

Topics: Security Awareness and Education

In Proceedings of the 10th International Conference on Information Systems Security and Privacy ICISSP - Volume 1, 179-186, 2024 , Rome, Italy

Authors: Eliana Stavrou ¹ ; Andriani Piki ² and Panayiotis Varnava ²

Affiliations: ¹ Faculty of Pure and Applied Sciences, Open University of Cyprus, Nicosia, Cyprus ; ² School of Sciences, University of Central Lancashire Cyprus, Pyla, Cyprus

Keyword(s): Cybersecurity, Cybersecurity Policy Design, Social Engineering, Cybersecurity Awareness, Upskilling.

Abstract: Cybersecurity policies play a fundamental role in fostering organizational cyber governance and cyber resilience. Cybersecurity awareness-raising and training policies specify upskilling requirements and explicitly address persistent threats such as social engineering attacks. While cybersecurity awareness-raising and training activities complement the objectives of security policies, challenges including stakeholder diversity, budget constraints, generic messaging and low user engagement hinder their effectiveness. For successful policy adoption it is crucial for the workforce to grasp the relevance of these policies within their work context, understand how social engineering attacks are deployed, and apply policy rules appropriately. However, existing awareness-raising and training policies often lack specificity, leading to gaps in employee engagement and behavioural change, especially regarding social engineering threats. To address these issues, the paper proposes a dedicated s ocial engineering awareness-raising policy, guided by Merrill’s Principles of Instructions. This work aims to merge policy and practice, offering tailored examples of social engineering attacks, explicitly connecting them to relevant cybersecurity policies and making the content more engaging and relevant to the workforce. This is envisioned as a cost-effective resource for organizations with a limited training budget, which can be utilized as a starting point to enhance employee awareness, engagement, and foster a stronger organizational cyber resilience culture. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 18.224.109.21

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Stavrou, E.; Piki, A. and Varnava, P. (2024). Merging Policy and Practice: Crafting Effective Social Engineering Awareness-Raising Policies. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-683-5; ISSN 2184-4356, SciTePress, pages 179-186. DOI: 10.5220/0012410300003648

@conference{icissp24,
author={Eliana Stavrou. and Andriani Piki. and Panayiotis Varnava.},
title={Merging Policy and Practice: Crafting Effective Social Engineering Awareness-Raising Policies},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP},
year={2024},
pages={179-186},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012410300003648},
isbn={978-989-758-683-5},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP
TI - Merging Policy and Practice: Crafting Effective Social Engineering Awareness-Raising Policies
SN - 978-989-758-683-5
IS - 2184-4356
AU - Stavrou, E.
AU - Piki, A.
AU - Varnava, P.
PY - 2024
SP - 179
EP - 186
DO - 10.5220/0012410300003648
PB - SciTePress