トップページ |
ログイン
公表論文>
論文>
An Anti-phishing Training System for Security Awareness and Education Considering Prevention of Information Leakage
|
英語タイトル
|
An Anti-phishing Training System for Security Awareness and Education Considering Prevention of Information Leakage
|
|
著者
|
- Masayuki Higashino(東野 正幸)
- Toshiya Kawato(川戸 聡也)
- Motoyuki Ohmori(大森 幹之)
- Takao Kawamura(川村 尚生)
|
|
論文誌
|
Proceedings of the 5th International Conference on Information Management
|
|
巻
|
|
|
号
|
|
|
ページ
|
pp. 82-86
|
|
出版年
|
2019年3月
|
|
概要
|
Phishing is one of the dangerous threats to organisations. A sender of a phishing e-mail pretends to be a trusted person or a system in order to steal valuable information including personal identity data and credentials. In order to deal with this problem, many organisations have implemented an anti-phishing training. However, the outsourcing of an anti-phishing training requires a high cost. Additionally, many anti-phishing training systems provided by vendors save sensitive data such as e-mail addresses and names of trainees to public servers for an anti-phishing training. This architecture has a problem that attacking these public servers increases for the risk of information leakage about trainees. Therefore, this paper proposes an anti-phishing training system which does not save sensitive data such as an e-mail address and a name of trainees to public servers, and it is implementable at a low cost. This proposed system saves sensitive data to a trainer's local computer instead of public servers. A sensitive data saved on a trainer's local computer and trainees' access log data on public servers are associated with a pseudonym generated via pseudonymisation technique. Thus, if attackers try to steal trainees' sensitive data via the Internet, it becomes difficult for attackers by deleting sensitive data on a trainer's local computer.
|
|
ファイル
|
BibTeX
|