Show simple item record

dc.contributor.advisorMcNeil, Sara G.
dc.creatorBerryman, Paul Erick
dc.date.accessioned2017-05-01T04:25:53Z
dc.date.available2017-05-01T04:25:53Z
dc.date.createdDecember 2016
dc.date.issued2016-12
dc.date.submittedDecember 2016
dc.identifier.urihttp://hdl.handle.net/10657/1757
dc.description.abstractEffective security awareness programs are desired at colleges to modify the behavior of employees and to improve the protection of sensitive information. The likelihood of theft of sensitive information from colleges has increased as the use of information technology both in instructional and support work has also grown. The increased risk of data loss is partially due to the susceptibility of employees to social engineering, which is the manipulation by criminals into divulging personal information. This is most notably accomplished by criminals through phishing emails, messages that direct an employee to a fake website with the criminals’ intent of tricking the employee into giving up their password or other sensitive information. Employees are lured to the website by clicking on an embedded link in the email they believe to be from a legitimate organization, when it is, in fact, owned by criminals. Anything typed on the website is copied by the criminals, so they can then pose as the employee on legitimate systems or applications. To protect against this attack method, it is important that employees be educated on ways to minimize risky online behavior. One such way is the use of security awareness training. Security awareness training is a program of educating college employees on security topics such as why phishing emails are used, how they work, and how to avoid them. One obstacle is determining which method of delivering the content would be the most effective and cause the employee to change their online behavior. There are several methods available, including in-person training, online video training, and email messages. These delivery methods have various challenges, including financial costs, time to implement, and time to deliver the content. This study evaluated three delivery methods to determine which is the most effective in changing employee behavior. Employees’ knowledge of terminology or content was not evaluated. Instead, this study measured their response to test emails that appeared to be malicious phishing emails. All three delivery methods were found to improve the employees’ responses to be more secure.
dc.format.mimetypeapplication/pdf
dc.language.isoeng
dc.rightsThe author of this work is the copyright owner. UH Libraries and the Texas Digital Library have their permission to store and provide access to this work. Further transmission, reproduction, or presentation of this work is prohibited except with permission of the author(s).
dc.subjectSecurity
dc.subjectAwareness
dc.subjectPhishing
dc.titleMEASURING THE IMPACT OF DELIVERY METHODS ON RESPONDING TO PHISHING EMAILS BY COLLEGE EMPLOYEES
dc.date.updated2017-05-01T04:25:53Z
dc.type.genreThesis
thesis.degree.nameDoctor of Education
thesis.degree.levelDoctoral
thesis.degree.disciplineCurriculum and Instruction
thesis.degree.grantorUniversity of Houston
thesis.degree.departmentCurriculum and Instruction, Department of
dc.contributor.committeeMemberFouty, Dennis
dc.contributor.committeeMemberMountain, Lee
dc.contributor.committeeMemberRobin, Bernard R.
dc.contributor.committeeMemberWatson, Margaret
dc.creator.orcid0000-0002-8267-6578
dc.type.dcmiText
dc.format.digitalOriginborn digital
dc.description.departmentCurriculum and Instruction, Department of
thesis.degree.collegeCollege of Education


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record