Abstract:

In the context of the new accreditation of the Faculty of Security Engineering, a specialization in the field of information security is offered within the security management program. This specialization is introduced in response to the demands of practice in the field of cybersecurity. The trajectory of information security reflects these practice-defined requirements, and study plans have been developed with consideration of these aspects. One of the provided subjects, titled Cybersecurity, encompasses a curriculum related to Directive (EU) 2022/2555 of the European Parliament and of the Council dated 14 December 2022, which outlines measures for a high common level of cybersecurity across the Union. Within this subject, students acquire knowledge in various areas of cybersecurity, such as asset management, risk management, personnel security, business continuity, and others.

In the context of this article, our focus is on preparing students in the area of personnel security through an innovative method. Students undergo training focused on simulated phishing campaigns, during which they analyze the use of online tools in creating and analyzing the results of such campaigns. The aim is to explore the possibilities offered by these online tools and how they can be effectively utilized in the implementation of simulated phishing campaigns. The insights gained can be applied by students in practice as part of the framework for phishing training and testing users' resilience against real phishing attacks. The knowledge and competencies acquired through this education are designed to enable students to systematically educate users and test their resilience against phishing attacks.

Keywords:

Phishing, phishing attacks, cybersecurity, simulated attacks, resilience, students.