Information security as a management strategy

Assessment of personalized training for phishing prevention

Authors

DOI:

https://doi.org/10.20397/2177-6652/2026.v26i2.3251

Keywords:

Information Security, phishing, Multi-Agent Systems, Corporate Training, Risk Management

Abstract

Objective: To investigate the effectiveness of different adaptive training strategies in reducing human vulnerability to phishing attacks in organizational environments, through agent-based computational simulation. 

Methodology: The study employs modeling based on Multi-Agent Systems (MAS) to simulate the behavior of users, attackers, and trainers within an organizational ecosystem. Four training strategies were tested, each based on different internal metrics, in addition to a control scenario, totaling 125 executions on the NetLogo platform, with quantitative analysis of performance metrics.

Originality: The research addresses a gap in the literature on organizational security by comparatively evaluating training strategies based on managerial criteria, applying MAS as a predictive and exploratory tool to support cybersecurity decision-making. 

Main results: All strategies outperformed the control scenario. The Random strategy showed greater stability and effectiveness in mitigating attacks, followed by the Risk-based approach, both achieving broad coverage across simulated groups. 

Methodological contributions: The study advances the application of MAS to information security problems, demonstrating its potential to simulate complex interactions between human behavior and strategic decisions in organizations.

Management contributions: It presents practical implications for managers by providing evidence on the effectiveness of awareness strategies and supporting the intelligent allocation of resources to more effective security policies. 

Keywords: Information Security, phishing, Multi-Agent Systems, Corporate Training, Risk Management 

Author Biography

João Emmanuel D'Alkmin Neves, Americana Faculty of Technology

Doctorate in Technology from the State University of Campinas (2024). M.Sc. in Technology from the State University of Campinas (2018). Former Science Without Borders scholarship holder (2013–2014). Bachelor’s degree in Systems Analysis and Development from FATEC/Americana with a sandwich program in Computer Science at SUNY – State University of New York (2015). Currently a Higher Education Lecturer at FATEC Americana and Editor of the Revista Tecnológica da Fatec Americana. Experience in multiplatform programming, cloud computing, and the Internet of Things. Research topics: artificial intelligence, multi-agent systems, data mining, machine learning, and education.

Published

2026-06-23

How to Cite

Matthiesen Silva, A. C., & D’Alkmin Neves, J. E. (2026). Information security as a management strategy: Assessment of personalized training for phishing prevention. Revista Gestão & Tecnologia, 26(2), 216–241. https://doi.org/10.20397/2177-6652/2026.v26i2.3251

Issue

Section

ARTICLES