This study presents a new framework for detecting and preventing phishing attacks in organizations using a Governance, Risk, and Compliance (GRC) approach. The research looks at why phishing attacks succeed and proposes a three-layer defense system: Governance (creating anti-phishing policies), Risk Management (identifying vulnerable assets and people), and Compliance (tracking prevention efforts and reporting incidents). Unlike earlier models, the framework focuses on organizational policy development and employee vulnerability assessment alongside technical solutions. Using a design science approach, we developed this framework to help organizations build an anti-phishing culture that combines human awareness with technological protection.
*Corresponding author: fahim.hisbani888@gmail.com
Copyright 2024 IJEASS