Educating computer users concerning security threats

摘要

Attacks are simulated to a user, by performing the steps of the attacks without actually performing any malicious activity. Educational security information is displayed to the user, based on the user's response to simulated attacks. If the user responds to a simulated attack in a manner indicating that the user is vulnerable, educational security information can be displayed that educates the user as to how to avoid being victimized. One or more security settings for protecting the user's computer from malware can be adjusted, based on the user's response to the simulating of attacks. Additionally, other factors can be adjusted based on the user's response to the simulating of attacks, such as a security hygiene rating and/or a level of monitoring activity concerning the user.

主权项

1. A computer implemented method for educating and protecting users concerning attacks through attack simulation, the method comprising the steps of:
selecting a user to for attack simulation based on a security hygiene rating, wherein the security hygiene rating is based on a history of security events for the user; simulating, by a computer, the specific attack against the user, wherein the attack targets a user action to perform the attack; receiving a user action in response to the simulated specific attack; displaying educational security information to the user concerning best practices for the user including steps to avoid being victimized, based on the user's response to the simulating of the specific attack, said educational security information describing the specific attack; adjusting the security hygiene rating concerning the user, based on the user's response to the simulated specific attack; and automatically adjusting, based on the security hygiene rating of the user, at least one security setting for protecting a computer operated by the user from malware.