Abstract
The increase in social-engineering threats within the Saudi public sector has changed awareness and training methods. However, due to employees' lack of awareness, social engineering could lead to a breach whereby attackers identify vulnerabilities and subsequently launch their attacks. A social-engineering attack is a high risk to the Saudi public sector and may significantly affect its security measures. Thus, the benefits of adopting awareness-enhancement tools in the public sector are undeniable. This study proposes a conceptual awareness model designed to enhance employee awareness in the Saudi public sector to address this issue. This study reviews seven main factors of social engineering risk: phishing, baiting, pretexting, quid pro quo, tailgating, related security policies, and the ability to identify attacks and respond to threats. Additionally, this research examines one public sector actor in Saudi Arabia as a case study. The findings led to a model creation comprising of five components: a situation-awareness model for phishing, an information-security awareness tool, a power-knowledge-practice triangle, Saudi public sector follow-up metrics, and implementation phases. As a result, an a priori model was successfully developed, tested, and applied in the subsequent stage by the case study participants, the employees.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
