A Survey of Awareness of Social Engineering Attacks to Information Security Management Systems: The Case of Kibabii University Kenya

Abstract

Computer based systems are socio-technical systems in nature. The security of the system depends both on technical aspect and also social aspect. The social aspect refers to people in contact with system commonly referred to as wetware. To attack the system you may consider to target the technical or wetware. Social engineering is based on exploiting human traits that make human susceptible to these attacks. The aim of this paper was establish how aware the staff of Kibabii University were of these attributes and how these attributes could be used by social engineers to penetrate the Information Security Management systems at the institution. A survey research was adopted with a questionnaire being developed using Google application, and was administered online to all staff members of Kibabii University. A descriptive analysis was carried out on feedback. The finding was that to a large extent the sampled staff are aware of these traits but there is need for awareness training to enhance the information security management system of Kibabii University