Publications

Displaying 1 - 25 of 29

NIST Phish Scale User Guide

November 15, 2023

Author(s)

Shanee Dawkins, Jody Jacobs

The phishing cyber threat exploits vulnerabilities in the U.S. and around the world across private and public sectors. Embedded phishing awareness training programs, where simulated phishing emails are sent to employees, are designed to prepare employees

Can you Spot a Phish?

September 26, 2023

Author(s)

Jody Jacobs, Shanee Dawkins

This talk will cover findings from over 4 years of NIST phishing training data, highlighting user context as the key to phishing susceptibility. We will discuss the NIST Phish Scale, our research on why users click, and how it can help users spot a phish.

Phishing for User Context: Understanding the NIST Phish Scale

August 23, 2023

Author(s)

Shanee Dawkins, Jody Jacobs

The NIST Phish Scale is a method for measuring human phishing detection difficulty, providing a metric – a phishing email detection difficulty rating – for phishing training implementers to gain a better understanding of the variability in click rates

How to Scale a Phish: An Investigation into the Use of the NIST Phish Scale

August 7, 2023

Author(s)

Shanee Dawkins, Jody Jacobs

Organizations around the world are using the NIST Phish Scale (NPS) in their phishing awareness training programs. As a new metric for measuring human phish-ing detection difficulty of phishing emails, the use of the NPS by phishing training implementers

Peering into the Phish Bowl: An Analysis of Real-World Phishing Cues

August 7, 2023

Author(s)

Lorenzo Neil, Shanee Dawkins, Jody Jacobs, Julia Sharp

Organizations use simulated phishing awareness train-ing exercises to help users identify, detect, and defend against the ever-changing phishing threat landscape. Realistic phishing emails are used to test users' ability to spot a phish from visible cues

Measuring the Effectiveness of U.S. Government Security Awareness Programs: A Mixed-Methods Study

July 31, 2023

Author(s)

Jody Jacobs, Julie Haney, Susanne M. Furman

This paper presents our research from our mixed-methods study analyzing how organizations determine security awareness program effectiveness. This paper is being submitted to the 10TH International Conference on HCI in Business, Government and

Phishing With a Net: The NIST Phish Scale and Cybersecurity Awareness

April 25, 2023

Author(s)

Shanee Dawkins, Jody Jacobs

Orienting an entire organization toward sound security practices is an important, but non-trivial undertaking. A starting point for many organizations is to build a robust security awareness program, training employees to recognize and respond to security

Compliance or Impact? Insights into How U.S. Government Organizations Determine the Effectiveness of Security Awareness Programs

March 2, 2023

Author(s)

Julie Haney, Jody Jacobs, Susanne M. Furman

The goal of security awareness programs is to positively influence employee security behaviors. However, organizations in compliance-focused sectors may struggle to determine program effectiveness, often relying on training completion rates rather than

Federal Cybersecurity Role-Based Training Approaches, Successes, and Challenges

January 11, 2023

Author(s)

Jody Jacobs, Julie Haney, Susanne M. Furman

This Special Publication details our research exploring cybersecurity role-based training for those who for individuals who are assigned management, operational, and technical roles having security and privacy responsibilities.

Can You Spot a Phish

October 19, 2022

Author(s)

Shanee Dawkins, Jody Jacobs

Measuring the Effectiveness of U.S. Government Security Awareness Programs: A Mixed-Methods Study (Short Paper)

July 14, 2022

Author(s)

Jody Jacobs, Julie Haney, Susanne M. Furman

This paper presents our research from our mixed-methods study analyzing how organizations determine security awareness program effectiveness. This paper is being submitted to the Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022) 8th Workshop

Lessons Learned and Suitability of Focus Groups in Security Information Workers Research

June 26, 2022

Author(s)

Julie Haney, Jody Jacobs, Fernando Barrientos, Susanne M. Furman

Security information workers (SIW) are professionals who develop and use security-related data within their jobs. Qualitative methods -- primarily interviews -- are becoming increasingly popular in SIW research. However, focus groups are an under-utilized

An Investigation of Roles, Backgrounds, Knowledge, and Skills of U.S. Government Security Awareness Professionals

June 4, 2022

Author(s)

Julie Haney, Jody Jacobs, Susanne M. Furman

Security awareness professionals are tasked with implementing security awareness programs within their organizations to assist employees in recognizing and responding to security issues. Prior industry-focused surveys and research studies identified

NIST Cybersecurity Role-based Training Study Presentation

May 20, 2022

Author(s)

Jody Jacobs, Julie Haney, Susanne M. Furman

This presentation is for the May 17, 2022 Federal Information Security Educators (FISSEA) Spring Forum hosted by NIST. This presentation will present our preliminary findings from our Role-Based Training Study.

Approaches and Challenges of Federal Cybersecurity Awareness Programs

March 25, 2022

Author(s)

Julie Haney, Jody Jacobs, Susanne M. Furman

Organizational security awareness programs may experience a number of challenges, including lack of resources, difficulty measuring the impact of the program, and perceptions among the workforce that training is a boring, "check-the-box" activity. While

Federal Cybersecurity Awareness Programs A Mixed Methods Research Study

March 25, 2022

Author(s)

Julie Haney, Jody Jacobs, Susanne M. Furman

Prior industry surveys and research studies have revealed that organizational security awareness programs may face a number of challenges, including lack of: leadership support; resources; and staff with sufficient background and skills to implement an

The Federal Cybersecurity Awareness Workforce: Professional Backgrounds, Knowledge, Skills, and Development Activities

March 25, 2022

Author(s)

Julie Haney, Jody Jacobs, Susanne M. Furman

Organizational security awareness programs may experience a number of challenges, including lack of funding and staff with the appropriate knowledge and skills to manage an effective program. While prior surveys and research have examined programs in the

NIST Security Awareness Study

October 25, 2021

Author(s)

Jody Jacobs, Julie Haney, Susanne M. Furman

This is a presentation for the September 28, 2021 FISSEA conference. This presentation is on the NIST Security Awareness Study. The goal of the study is to better understand the needs, challenges, practices, and professional competencies of federal

Exploring Government Security Awareness Programs: A Mixed-Methods Approach

August 3, 2021

Author(s)

Jody Jacobs, Julie Haney, Susanne M. Furman, Fernando Barrientos

Organizational security awareness programs are often underfunded and rely on part-time security awareness professionals who may lack sufficient background, skills, or resources necessary to manage an effective and engaging program. U.S. government

Cybersecurity Advocates: Force Multipliers in Security Behavior Change

July 5, 2021

Author(s)

Julie Haney, Wayne Lutters, Jody Jacobs

Cybersecurity advocates motivate individuals and organizations to adopt positive security behaviors. Based on our research, we describe qualities of successful advocates. Our findings have practical implications for expanding the cybersecurity workforce by

Search Publications by: Jody Jacobs (Fed)