Dr. Mark Ciampa

Western Kentucky University 

Phishing: Protecting Users Through Behavior Influencing Security Policies

Abstract

Computer security remains a fundamental problem for computer users and organizations.  One of the most common types of attacks is“phishing," which is the act of tricking the user into divulging confidential information.  Different strategies have been proposed to protect users from phishing.  These include eliminating the threat, warning users about the threat, and training users to not provide confidential information.  Each of these strategies has proven to be marginally effective.  Some organizations are now using written security policies to influence user behavior in defending against phishing attacks. In this talk, we will discuss computer security: how we got to where we are today, phishing attacks and defenses, ineffectiveness of types of user training, how security policies play a role in organizations today, and various content elements of security policies and their effect on mitigating phishing attacks.

About the Speaker

Mark Ciampa is an Assistant Professor of Computer Information Systems at Western Kentucky University in Bowling Green, Kentucky and holds a PhD in Digital Communication Systems from Indiana State University. Prior to this he was an Associate Professor and served as the Director of Academic Computing at Volunteer State Community College in Gallatin, Tennessee for 20 years. Mark has worked in the IT industry as a computer consultant for the U.S. Postal Service, the Tennessee Municipal Technical Advisory Service, and the University of Tennessee.  He is also the author of 19 technology textbooks, including Security+ Guide to Network Security Fundamentals 3ed, CWNA Guide to Wireless LANs 2ed, Guide to Wireless Communications, Security Awareness: Applying Practical Security In Your World, and Networking BASICS