HICSS '03 Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 2 - Volume 2
Designing Agent99 trainer: a learner-centered, web-based training system for deception detection
ISI'03 Proceedings of the 1st NSF/NIJ conference on Intelligence and security informatics
Training professionals to detect deception
ISI'03 Proceedings of the 1st NSF/NIJ conference on Intelligence and security informatics
| Hi-index | 0.00 |
Computer defense is not perfect. Each year hackers exploit hundreds of vulnerabilities in information systems even though millions of dollars are spent on information security. Firewalls, intrusion detection systems and patch management software all help to increase systems security, but they are only perimeter defenses. Once inside, a hacker can do significant damage and the vulnerability to deception is great. At that point, users become the last line of defense. This paper describes two field studies in which scenario-based training was used to teach information systems users how detect deception in the information they use. The first study provided deception detection training to human resource specialists who queried a database to get the need information to make decision about personnel in their organization. Deceptive data was planted in the database. The second provided training to communications specialists using a computer based training systems called Agent99. In both studies scenarios were developed as a foundation of the training programs provided. The use of the scenarios helped to keep the participants involved and focused on the training. More importantly, the subjects who received the scenario based training curriculum improved their knowledge of deception and their ability to detect deceptive data in information systems.