• 文献检索
  • 文档翻译
  • 深度研究
  • 学术资讯
  • Suppr Zotero 插件Zotero 插件
  • 邀请有礼
  • 套餐&价格
  • 历史记录
应用&插件
Suppr Zotero 插件Zotero 插件浏览器插件Mac 客户端Windows 客户端微信小程序
定价
高级版会员购买积分包购买API积分包
服务
文献检索文档翻译深度研究API 文档MCP 服务
关于我们
关于 Suppr公司介绍联系我们用户协议隐私条款
关注我们

Suppr 超能文献

核心技术专利:CN118964589B侵权必究
粤ICP备2023148730 号-1Suppr @ 2026

文献检索

告别复杂PubMed语法,用中文像聊天一样搜索,搜遍4000万医学文献。AI智能推荐,让科研检索更轻松。

立即免费搜索

文件翻译

保留排版,准确专业,支持PDF/Word/PPT等文件格式,支持 12+语言互译。

免费翻译文档

深度研究

AI帮你快速写综述,25分钟生成高质量综述,智能提取关键信息,辅助科研写作。

立即免费体验

员工对恶意诱导的风险识别与报告:基于新技能培训的纵向改进

Employee risk recognition and reporting of malicious elicitations: longitudinal improvement with new skills-based training.

作者信息

Caputo Deanna D, Danley Lura, Ratcliff Nathaniel J

机构信息

The MITRE Corporation, McLean, VA, United States.

出版信息

Front Psychol. 2024 Jul 31;15:1410426. doi: 10.3389/fpsyg.2024.1410426. eCollection 2024.

DOI:10.3389/fpsyg.2024.1410426
PMID:39144587
原文链接:https://pmc.ncbi.nlm.nih.gov/articles/PMC11321953/
Abstract

Numerous security domains would benefit from improved employee risk recognition and reporting through effective security training. This study assesses the effectiveness of a new skills-based training approach to improve risk recognition and reporting of malicious elicitations. Malicious elicitations are techniques that strategically use conversation (i.e., online, in writing, in person, or over the phone) with the sole purpose of collecting sensitive, non-publicly available information about business operations, people, or technological assets without raising suspicion. To an untrained observer, a skilled elicitor can make conversations seem analogous to many professional networking situations such as those experienced over email and at conferences. A 12-month longitudinal experimental study was conducted to test training effectiveness on employees of a large corporation that focuses on serving national security needs and the public interest. Half of participants were randomly assigned to receive traditional awareness-based training (i.e., reviewing informational slides) while the other half of participants received a new skills-based training that allowed them-over the course of five weeks-to iteratively practice skills learned in the training and receive feedback on their performance in their day-to-day work environment. Following training for both experimental groups, malicious elicitations and benign professional networking test messages were sent (via email & text message) to unaware employee participants for 12 months. Findings revealed that skills-based training improved reporting of malicious elicitations and lasted for up to 12 months compared to traditional awareness-based training.

摘要

许多安全领域将受益于通过有效的安全培训来提高员工对风险的识别和报告能力。本研究评估了一种新的基于技能的培训方法在提高对恶意诱导的风险识别和报告方面的有效性。恶意诱导是指策略性地利用对话(即在线、书面、面对面或通过电话),其唯一目的是收集有关业务运营、人员或技术资产的敏感、非公开信息,且不引起怀疑。对于未经训练的观察者来说,熟练的诱导者可以使对话看起来类似于许多专业社交场合,比如通过电子邮件和在会议上经历的那些场合。进行了一项为期12个月的纵向实验研究,以测试针对一家专注于满足国家安全需求和公共利益的大公司员工的培训效果。一半的参与者被随机分配接受传统的基于意识的培训(即查看信息幻灯片),而另一半参与者接受一种新的基于技能的培训,这种培训使他们在五周的时间里能够反复练习在培训中学到的技能,并在日常工作环境中获得关于其表现的反馈。在两个实验组都完成培训后,为期12个月向不知情的员工参与者发送(通过电子邮件和短信)恶意诱导和良性专业社交测试信息。研究结果显示,与传统的基于意识的培训相比,基于技能的培训提高了对恶意诱导的报告率,并且持续了长达12个月。

https://cdn.ncbi.nlm.nih.gov/pmc/blobs/2f0b/11321953/59601eecae73/fpsyg-15-1410426-g006.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/2f0b/11321953/b904400f76bc/fpsyg-15-1410426-g001.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/2f0b/11321953/891fc45f95ea/fpsyg-15-1410426-g002.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/2f0b/11321953/6a93ef0d22a0/fpsyg-15-1410426-g003.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/2f0b/11321953/e5cbf4e31856/fpsyg-15-1410426-g004.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/2f0b/11321953/2170c4b91330/fpsyg-15-1410426-g005.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/2f0b/11321953/59601eecae73/fpsyg-15-1410426-g006.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/2f0b/11321953/b904400f76bc/fpsyg-15-1410426-g001.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/2f0b/11321953/891fc45f95ea/fpsyg-15-1410426-g002.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/2f0b/11321953/6a93ef0d22a0/fpsyg-15-1410426-g003.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/2f0b/11321953/e5cbf4e31856/fpsyg-15-1410426-g004.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/2f0b/11321953/2170c4b91330/fpsyg-15-1410426-g005.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/2f0b/11321953/59601eecae73/fpsyg-15-1410426-g006.jpg

相似文献

1
Employee risk recognition and reporting of malicious elicitations: longitudinal improvement with new skills-based training.员工对恶意诱导的风险识别与报告:基于新技能培训的纵向改进
Front Psychol. 2024 Jul 31;15:1410426. doi: 10.3389/fpsyg.2024.1410426. eCollection 2024.
2
3
Detrimental Effect of the Characteristic-Human-Capital-Inputs-Based Horizontal Pay Dispersion on Team Member Work Role Performance via Employee Benign and Malicious Envy: An Evidence from China.基于特征人力资本投入的横向薪酬差距通过员工良性和恶意嫉妒对团队成员工作角色绩效的不利影响:来自中国的证据
Psychol Res Behav Manag. 2022 Oct 21;15:3097-3116. doi: 10.2147/PRBM.S383969. eCollection 2022.
4
Folic acid supplementation and malaria susceptibility and severity among people taking antifolate antimalarial drugs in endemic areas.在流行地区,服用抗叶酸抗疟药物的人群中,叶酸补充剂与疟疾易感性和严重程度的关系。
Cochrane Database Syst Rev. 2022 Feb 1;2(2022):CD014217. doi: 10.1002/14651858.CD014217.
5
The effectiveness of internet-based e-learning on clinician behavior and patient outcomes: a systematic review protocol.基于互联网的电子学习对临床医生行为和患者结局的有效性:一项系统评价方案。
JBI Database System Rev Implement Rep. 2015 Jan;13(1):52-64. doi: 10.11124/jbisrir-2015-1919.
6
Phishing in healthcare organisations: threats, mitigation and approaches.医疗保健机构中的网络钓鱼:威胁、缓解措施及应对方法。
BMJ Health Care Inform. 2019 Sep;26(1). doi: 10.1136/bmjhci-2019-100031.
7
Team awareness, problem drinking, and drinking climate: workplace social health promotion in a policy context.团队意识、问题饮酒与饮酒氛围:政策背景下的职场社会健康促进
Am J Health Promot. 2004 Nov-Dec;19(2):103-13. doi: 10.4278/0890-1171-19.2.103.
8
School-based interventions for reducing disciplinary school exclusion: a systematic review.基于学校的减少校内纪律性开除的干预措施:一项系统综述
Campbell Syst Rev. 2018 Jan 9;14(1):i-216. doi: 10.4073/csr.2018.1. eCollection 2018.
9
Impact of summer programmes on the outcomes of disadvantaged or 'at risk' young people: A systematic review.暑期项目对处境不利或“有风险”的年轻人的影响:一项系统综述。
Campbell Syst Rev. 2024 Jun 13;20(2):e1406. doi: 10.1002/cl2.1406. eCollection 2024 Jun.
10
The effectiveness of mindfulness based programs in reducing stress experienced by nurses in adult hospital settings: a systematic review of quantitative evidence protocol.基于正念的项目在减轻成人医院环境中护士所经历压力方面的有效性:定量证据协议的系统评价
JBI Database System Rev Implement Rep. 2015 Oct;13(10):21-9. doi: 10.11124/jbisrir-2015-2380.

本文引用的文献

1
Effectiveness of and user preferences for security awareness training methodologies.安全意识培训方法的有效性及用户偏好
Heliyon. 2019 Jun 28;5(6):e02010. doi: 10.1016/j.heliyon.2019.e02010. eCollection 2019 Jun.
2
Easier Seen Than Done: Merely Watching Others Perform Can Foster an Illusion of Skill Acquisition.说起来容易做起来难:仅仅观察他人的表现就可以产生一种技能习得的错觉。
Psychol Sci. 2018 Apr;29(4):521-536. doi: 10.1177/0956797617740646. Epub 2018 Feb 16.
3
Fostering the Development of Master Adaptive Learners: A Conceptual Model to Guide Skill Acquisition in Medical Education.
培养精通适应性学习的学习者:指导医学教育技能获取的概念模型。
Acad Med. 2017 Jan;92(1):70-75. doi: 10.1097/ACM.0000000000001323.
4
Conceptualising barriers to incident reporting: a psychological framework.概念化事件报告的障碍:一个心理学框架。
Qual Saf Health Care. 2010 Dec;19(6):e60. doi: 10.1136/qshc.2008.030445. Epub 2010 Jun 17.
5
In search of the information literacy training 'half-life'.探寻信息素养培训的“半衰期”。
Health Info Libr J. 2007 Jun;24(2):145-9. doi: 10.1111/j.1471-1842.2007.00707.x.
6
Predicting individual differences in complex skill acquisition: dynamics of ability determinants.预测复杂技能习得中的个体差异:能力决定因素的动态变化
J Appl Psychol. 1992 Oct;77(5):598-614. doi: 10.1037/0021-9010.77.5.598.