It is commonly stated that the end user is one of the biggest security risks in a company. All it takes is once user to be socially manipulated into divulging confidential information, and critical company data can become compromised. This study will investigate the correlation between a user’s InfoSec Literacy, credulousness, and their willingness to divulge information that can be used to compromise company data. A sample of the general population will be given a survey that will be presented to them as a general IT survey. On this survey, they will be first polled on their overall InfoSec literacy and social habits (as well as general computer usage and malware statistics). The participants will then be asked to divulge both public and private information about their accounts and usage patterns. Based on results we will be able to correlate InfoSec literacy and trusting behavior with the willingness to divulge their confidential information to an untrusted source. The results could impact how companies go about their training, and also may bring a change to general HR hiring practices.
Aiello, Michael, "End User Information Security: How InfoSec Literacy Affects Business" (2015). MBA Student Scholarship. 43.