Researchers at the U.S. National Institute of Standards and Technology (NIST) have developed the Phish Scale, which could help organizations better train their employees to avoid being deceived by seemingly trustworthy emails.
The scale is designed to help information security officers better comprehend click-rate data, in order to gauge phishing training programs' effectiveness more accurately.
NIST's Michelle Steves said, "The Phish Scale is intended to help provide a deeper understanding of whether a particular phishing email is harder or easier for a particular target audience to detect."
The scale employs a rating system based on message content in a phishing email, highlighting five elements rated on a 5-point scale associated with the scenario's premise.
Trainers use the overall score to analyze their data and rank the phishing exercise's difficulty level as low, medium, or high.
From NIST
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA