Does trainer gender make a difference when delivering phishing training? A new experimental design to capture bias
Phishing is the most common vector for initial access. Current defenses such as spam filters and self-reporting phishing are unfortunately insufficient. Past works found that gender impacts the perception of risk and that background impacts susceptibility to phishing. Assessing the risk of phishing in both technical and non-technical populations has not been sufficiently explored, yet these insights could contribute to improving training material. To address this gap, we conducted a survey with 145 students at two universities. We measured (a) the effect of gender and background on identifying and assessing phishing risks and (b) the effect of gender and background on the perception of the trainer. We found that background has a significant impact on identification and assessment of phishing risks and that no gender bias was present in neither the technical nor non-technical population.
Thu 20 JunDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
16:00 - 17:15 | Security (2)Research Papers / Industry at Room Vietri Chair(s): Muhammad Ali Babar School of Computer Science, The University of Adelaide | ||
16:00 15mTalk | VulDL: Tree-based and Graph-based Neural Networks for Vulnerability Detection and Localization Research Papers Jingzheng Wu Institute of Software, The Chinese Academy of Sciences, Xiang Ling Institute of Software, Chinese Academy of Sciences, Xu Duan Institute of Software, Chinese Academy of Sciences, Tianyue Luo Institute of Software, Chinese Academy of Sciences, Mutian Yang Institute of Software, Chinese Academy of Sciences | ||
16:15 15mTalk | How the Training Procedure Impacts the Performance of Deep Learning-based Vulnerability Patching Research Papers Antonio Mastropaolo William and Mary, USA, Vittoria Nardone University of Molise, Gabriele Bavota Software Institute @ Università della Svizzera Italiana, Massimiliano Di Penta University of Sannio, Italy | ||
16:30 15mTalk | Reality Check: Assessing GPT-4 in Fixing Real-World Software Vulnerabilities Research Papers Zoltán Ságodi University of Szeged, Gabor Antal University of Szeged, Bence Bogenfürst University of Szeged, Martin Isztin University of Szeged, Peter Hegedus University of Szeged, Rudolf Ferenc University of Szeged | ||
16:45 15mTalk | Does trainer gender make a difference when delivering phishing training? A new experimental design to capture bias Research Papers André Palheiros Da Silva Vrije Universiteit, Winnie Bahati Mbaka Vrije Universiteit, Johann Mayer University of Twente, Jan-Willem Bullee University of Twente, Katja Tuma Vrije Universiteit Amsterdam | ||
17:00 15mTalk | Leveraging Large Language Models for Preliminary Security Risk Analysis: A Mission-Critical Case Study Industry Matteo Esposito University of Rome Tor Vergata, Francesco Palagiano Multitel di Lerede Alessandro & C. s.a.s. DOI Pre-print | ||