Date of Award

2008

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Computer Science

Abstract

Computer security remains a fundamental problem for computer users and organizations. One of the most common types of attacks is "phishing", the act of tricking a user into divulging confidential information. Different strategies have been proposed to protect users from phishing, including eliminating the threat, warning users about the threat, and training users not to provide confidential information. Each of these strategies has proven to be only marginally effective. Some organizations are now using written security policies to influence user behavior in defending against phishing attacks. This study employed empirical research methods with participants to determine the effectiveness of three specific content elements of a security policy in mitigating phishing attacks. The research results reveal that a security policy containing an explanation of the impact of an attack has no significant effect on mitigating phishing attacks. The results also reveal that a security policy containing a statement indicating an evaluation for non-compliance has no significant effect on mitigating phishing attacks. Finally, the results reveal that a security policy containing a statement from a direct authority has no significant effect on mitigating phishing attacks.
