
System And Method For Measuring User Awareness Level

Abstract: The present disclosure relates to a method and a system for calculating a phishing resistance score (PRS) and enhancing the cyber awareness index of a user. The system 100 can receive a set of data packets pertaining to one or more responses corresponding to a predefined query associated with an anti-phishing exercise generated by an anti-phishing module (106). The system 100 can extract a first set of attributes pertaining to the nature of responses received from the set of data packets, and also extract a second set of attributes from a stored knowledgebase of the user, where the knowledgebase pertains to a plurality of past parameters associated with the user stored in a user awareness management module (104). The system can determine a set of scores based on the first and the second set of attributes extracted and then generate, by a PRS generator engine (114), a phishing resistance score (PRS).


Patent Information

Application #:
Filing Date: 30 March 2021
Publication Number: 40/2022
Publication Type: INA
Invention Field: COMMUNICATION
Status:
Email: jioipr@zmail.ril.com
Parent Application:
Patent Number:
Legal Status:
Grant Date: 2025-02-19
Renewal Date:

Applicants

JIO PLATFORMS LIMITED
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India.

Inventors

1. DUBE, Durga Prasad
Flat no. 806, Israni Towers, Sector - 15, CBD Belapur, Navi Mumbai - 400614, Maharashtra, India.
2. SAWANT, Shilpa
Flat no. 1404, Goodwill Harmony, Plot 76, Sector - 19, Airoli, Navi Mumbai – 400708, Maharashtra, India.
3. MITRA, Debayan
Flat no. 401, 3rd Floor, 156 Bejoy Kissen Street, Uttarpara, Hooghly, West Bengal - 712258, India.

Specification

RESERVATION OF RIGHTS
[0001] A portion of the disclosure of this patent document contains material which is subject to intellectual property rights such as, but are not limited to, copyright, design, trademark, IC layout design, and/or trade dress protection, belonging to Jio Platforms Limited (JPL) or its affiliates (herein after referred as owner). The owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all rights whatsoever. All rights to such intellectual property are fully reserved by the owner.

FIELD OF INVENTION
[0002] The present disclosure relates to the field of cybersecurity performance management. More particularly, the present disclosure relates to a method and the system for calculating phishing resistance score (PRS) of users.

BACKGROUND OF THE INVENTION
[0003] The following description of related art is intended to provide background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section be used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of prior art.
[0004] Cyber-attacks are one of the growing concerns for any organization today. Phishing is a form of cyber-attack where cybercriminals attempt to trick individuals by disguising themselves as a trustworthy organization or person and send fake emails to obtain sensitive information such as login credentials, bank account details, and the like. At times, such emails also contain malicious attachments or URLs which could compromise the organization’s mission-critical systems. Although numerous approaches have been developed to detect and prevent phishing attacks, there is no foolproof solution that can detect and prevent 100% of phishing attacks, as the tactics tried by cybercriminals are very sophisticated and exploit the cognitive thinking of users. Therefore, humans here become the last line of defence.
[0005] Existing approaches for reducing cyber-attacks deal with improving user’s awareness level, which is of paramount importance for any organization to protect from cyber threats. There are multiple initiatives taken up by organizations to improve cybersecurity awareness amongst employees. Simulation-based anti-phishing exercises are being considered as one of the effective methods to educate the employees where employees are sent simulated phishing emails, and based on their response, they are redirected for training, which helps them enhance their phishing awareness to identify real phishing threats. Although the measures and mechanisms are implemented for spreading user’s awareness, however, there was no metric or measurement criterion that could be used in an organization to determine the awareness level of users related to phishing.
[0006] Further, such simulations are based on anti-phishing exercises, however, these exercises only assess an employee’s susceptibility to phishing attacks. And, with every new simulation-based campaign, the user's response changes. For instance, in the 1st anti-phishing campaign that was conducted, a user was phished whereas in the second campaign, the user was not phished, and in the 3rd campaign, the user was phished. In this case, it cannot be evaluated in absolute values that the user’s awareness over phishing attacks was improved or declined or in what situations is the user able to identify it correctly.
[0007] There are several mechanisms available in the conventional systems to identify user’s responses to simulated phishing attacks and calculating corresponding risk scores. However, there isn’t any specific study or practice on the measurement of user awareness index while responding to phishing attacks as disclosed in the proposed system. As phishing attacks trick user’s cognitive thinking, it requires the user to have prior intelligence or knowledge on phishing attacks. This will help us to know if the user can at any point in time become a victim of such attacks and how resistant is the user for the future phishing attacks. Also, no such study has been found where Phishing Resistance Score metric is leveraged to derive the Cyber Security Maturity Score of an Organization.
[0008] There is, therefore, a need to provide a simple, effective, and easy to use system and method for calculating Phishing Resistance Score (PRS), and enhancing Cyber Awareness Index of users, which is based on a custom function and is calculated for every user or entity across the organization.

OBJECTS OF THE PRESENT DISCLOSURE
[0009] Some of the objects of the present disclosure, which at least one embodiment herein satisfies are as listed herein below.
[0010] It is an object of the present disclosure to provide for a system and method facilitating understanding a current user awareness level so that the next steps for improvement either through anti-phishing campaigns or training programs can be planned.
[0011] It is an object of the present disclosure to provide for a system and method that helps in identifying the effectiveness of the last line of defense control, i.e., the human firewall.
[0012] It is an object of the present disclosure to provide for a system and method that assists in improving the cyber security maturity score of the entity.
[0013] It is an object of the present disclosure to provide for a system and method that aids in building cyber resilience for each user and the entity.
[0014] It is an object of the present disclosure to provide for a system and method that helps in overall improvement of the cyber security posture of the organization.

SUMMARY
[0015] This section is provided to introduce certain objects and aspects of the present invention in a simplified form that are further described below in the detailed description. This summary is not intended to identify the key features or the scope of the claimed subject matter.
[0016] In order to achieve the aforementioned objectives, the present invention provides a system and method for facilitating determination of cybersecurity awareness level of a user associated with an entity. The system may include one or more processors coupled with a memory, wherein the memory may store instructions which, when executed by the one or more processors, cause the system to: receive a set of data packets pertaining to one or more responses from the user associated with a user computing device. The set of data packets may pertain to one or more responses of the user to a predefined query associated with an anti-phishing exercise generated by an anti-phishing module operatively coupled to the processor. The processor may cause the system to extract a first set of attributes from the set of data packets received, the first set of attributes pertaining to the nature of responses received; extract a second set of attributes from a stored knowledgebase of the user pertaining to a plurality of past parameters associated with the user stored in a user management system communicatively coupled to the processor; determine a set of scores based on the first and the second set of attributes extracted, the set of scores pertaining to a predefined set of parameters associated with cyber security; generate, by a PRS generator engine, a phishing resistance score based on an execution of a predefined set of instructions on the set of scores determined; and categorize, by a phishing awareness module, the user on a predefined scale based on the PRS score generated.
[0017] In another aspect, the present disclosure includes a method for facilitating determination of cybersecurity awareness level of a user associated with an entity. The method may be executed by a processor, and includes the steps of: receiving, at a processor, a set of data packets, wherein the set of data packets pertain to one or more responses from the user associated with a user computing device, said set of data packets pertaining to one or more responses of the user to a predefined query associated with an anti-phishing exercise; and extracting, by the processor, a first set of attributes from the set of data packets received, the first set of attributes pertaining to the nature of responses received. Further, the method may include the step of extracting, by the processor, a second set of attributes from a stored knowledgebase of the user, where the knowledgebase may pertain to a plurality of past parameters associated with the user. Furthermore, the method may include the step of determining, by the processor, a set of scores based on the first and the second set of attributes extracted, wherein the set of scores pertain to any or a combination of an awareness quotient of the user, cyber security maturity score of the user, a security incident score of the user and a complexity score of the user; and generating, by a PRS generator engine, a phishing resistance score based on an execution of a predefined set of instructions on the set of scores determined. The method may also include the step of categorizing, by a phishing awareness module, the user on a predefined scale based on the PRS score generated.

BRIEF DESCRIPTION OF DRAWINGS
[0018] The accompanying drawings, which are incorporated herein, and constitute a part of this invention, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present invention. Some drawings may indicate the components using block diagrams and may not represent the internal circuitry of each component. It will be appreciated by those skilled in the art that invention of such drawings includes the invention of electrical components, electronic components or circuitry commonly used to implement such components.
[0019] FIG. 1 illustrates an exemplary system architecture of the proposed system for calculating the Phishing Resistance Score (PRS) of users, in accordance with an embodiment of the present invention.
[0020] FIG. 2A illustrates an exemplary flowchart for calculation of PRS, in accordance with an embodiment of the present invention.
[0021] FIG. 2B illustrates an exemplary representation of proposed system /centralized server for accessing content stored in a network, in accordance with an embodiment of the present disclosure.
[0022] FIG. 2C illustrates an exemplary representation of the proposed method in accordance with an embodiment of the present disclosure.
[0023] FIG. 3A illustrates an exemplary flow chart and methodology for calculation of PRS, in accordance with an embodiment of the present invention.
[0024] FIG. 3B illustrates an exemplary architecture of an anti-phishing platform of the proposed system, in accordance with an embodiment of the present invention.
[0025] FIG. 4 illustrates an exemplary architecture of a PRS generator engine of the proposed system, in accordance with an embodiment of the present invention.
[0026] FIG. 5 illustrates exemplary metrics presented in a steering committee meeting upon implementation of the proposed system and method, in accordance with an embodiment of the present invention.
[0027] FIGs. 6A and 6B illustrate exemplary metrics presented using a bar graph in a Board meeting upon implementation of the proposed system and method, in accordance with an embodiment of the present invention.
[0028] FIG. 7 illustrates an exemplary computer system in which or with which embodiments of the present invention can be utilized in accordance with embodiments of the present disclosure.
[0029] The foregoing shall be more apparent from the following more detailed description of the invention.

BRIEF DESCRIPTION OF INVENTION
[0030] In the following description, for the purposes of explanation, various specific details are set forth in order to provide a thorough understanding of embodiments of the present disclosure. It will be apparent, however, that embodiments of the present disclosure may be practiced without these specific details. Several features described hereafter can each be used independently of one another or with any combination of other features. An individual feature may not address all of the problems discussed above or might address only some of the problems discussed above. Some of the problems discussed above might not be fully addressed by any of the features described herein.
[0031] The present disclosure relates to the field of cyber security performance management. More particularly, the present disclosure relates to a method and the system for calculating phishing resistance score (PRS) of users.
[0032] FIG. 1 illustrates an exemplary system architecture of the proposed system for calculating Phishing Resistance Score (PRS) of users, in accordance with an embodiment of the present invention.
[0033] According to an aspect, the present disclosure elaborates upon a system 100 for calculating Phishing Resistance Score (PRS) of users, which is based on a custom function and is calculated for every user and entity across an organization. The PRS may determine the user’s resistance when it comes to identifying a phishing email and further may determine cyber awareness. The PRS can be a function of a plurality of parameters such as but not limited to the user’s response to a plurality of attributes such as a simulated phishing email, past phishing scores, and the user’s knowledge on Phishing. The system 100 can include an input module and an output module (not shown in FIG. 1). The system 100 can include an identity management module 102, a user awareness management module 104, an anti-phishing platform 106 (also referred to as the anti-phishing module 106), an incident management module 108, a cyber-security maturity tracking module 110, a complexity factor calculator 112, a PRS generator engine 114, a PRS dashboard 116, a Continuous Improvement Program (CIP) dashboard 118, and a cyber-security reporting dashboard 120.
[0034] The system 100 may be configured to receive a set of data packets, wherein the set of data packets pertain to one or more responses from the user (102-1) associated with a user computing device of an entity. The set of data packets may pertain to one or more responses of the user (102-1) to a predefined query associated with the anti-phishing exercise generated by an anti-phishing module operatively coupled to a processor. The system may then extract a first set of attributes from the set of data packets received, the first set of attributes pertaining to the nature of responses received, and further extract a second set of attributes from a stored knowledgebase of the user (102-1) pertaining to a plurality of past parameters associated with the user (102-1) stored in the user awareness management module 104 communicatively coupled to the processor.
[0035] In an embodiment, the entity may include a business organisation, an MNC, a private organisation, a public organisation, a government organisation, a school, a university, a research laboratory, a defence organisation and the like.
[0036] The system 100 may further be configured to determine a set of scores based on the first and the second set of attributes extracted. The set of scores may pertain to a predefined set of parameters associated with cyber security. The system 100 can then generate, by the PRS generator engine 114, a phishing resistance score (PRS) based on an execution of a predefined set of instructions on the set of scores determined and then categorize, by a phishing awareness module (106-8), the user on a predefined scale based on the PRS score generated.
[0037] In an embodiment, the identity management module 102 can store the knowledgebase such as details about users 102-1 such as employees, staff and the like and their entity such as name, DOB, age, the entity or the business the user belongs to and the like. The user awareness management system 104 can include an application 104-1, and a database 104-2, which can store details about the awareness training a user had undertaken. Also, the user awareness management system 104 captures details of quizzes, and assessments that the user was part of.
[0038] In an embodiment, the anti-phishing platform 106 can include a phishing email template repository 106-1, an internal configuration unit 106-2, a campaign generator 106-3, a dashboard generator 106-4, a campaign result tracker unit 106-5, a user response processor 106-6, an email application 106-7, a phishing awareness module 106-8, and database 106-9. The phishing email template repository 106-1 can be configured to store custom, tailored email templates to be sent to users such as employees. The internal configuration unit 106-2 can be configured to set phishing campaign parameters, like domain name, user details, and phishing landing page link, but not limited to the like. The campaign generator 106-3 can be configured to create a specific phishing campaign along with all prerequisites such as user list, template, and the like. The dashboard generator 106-4 can be configured to display the complete report of the results of the phishing campaign where each score is based on a weightage. The campaign result tracker unit 106-5 can be configured to generate results of a phishing campaign. The user response processor 106-6 can be configured to collect the plurality of past parameters such as phished employee information. The email application 106-7 can be software that can be configured to send a simulated phishing email to each user created during a phishing campaign. The phishing awareness module 106-8 can be a real-time awareness module that renders an immediate response to a phished user on what went wrong, and the database 106-9 can be configured to store the data generated and processed by the anti-phishing platform 106.
[0039] In another embodiment, the incident management module 108 of the proposed system 100 can include a user response tracker 108-1, incident records 108-2 and database 108-3. The user response tracker unit 108-1 can be configured to keep track of the user’s response on suspicious mail received and reported by users. The incident records 108-2 can include a monitoring and reporting module, which can be configured to provide security incidents raised against one individual at a certain point in time, and the database 108-3 can be configured to store the data generated and processed by the incident management system 108.
[0040] In an embodiment, the cyber security maturity tracking module 110 can include an application 110-1, and a database 110-2. The cyber security maturity tracking module 110 can be configured to store the information on the entity and its security certification details. The complexity factor calculator 112 can be configured to store the mail complexity and time complexity for every simulated email.
[0041] In an embodiment, the PRS generator engine 114 can include a user awareness quotient generator 114-1, user conformance score generator 114-2, user’s security incident history unit 114-3, complexity score generator 114-4, historical PRS data 114-5, entity cyber maturity score unit 114-6, and a database 114-7. The user awareness quotient generator 114-1 can be configured to generate score based on a predefined algorithm and based on input taken from user awareness program along with certain parameters from the simulated phishing exercise platform. The user conformance score generator 114-2 can be configured to generate score based on predefined algorithm based on input taken from a simulated phishing exercise platform. The user’s security incident history unit 114-3 can be configured to generate a score based on security violations committed by end-user 122 in the past. The complexity score generator 114-4 can be configured to combine weightage of mail and time complexity on an individual for a specific phishing campaign. The historical PRS data 114-5 can be configured to maintain historical records of the previous PRS result of an individual user (102-1). The entity cyber maturity score unit 114-6 can be configured to calculate the weightage of BU entity cyber maturity score unit 114-6 of an individual based on their performance in a specific phishing campaign and the database 114-7 can be configured to store the data generated and processed by the PRS Generator Engine 114.
[0042] In an embodiment, the PRS dashboard 116 can include a user PRS display interface 116-1, and a BU wise PRS display interface 116-2. The user PRS display interface 116-1 can be a visualization dashboard configured for displaying the current and previous PRS score. The BU wise PRS display interface 116-2 can be configured to combine the PRS score for each BU, which consists of several employees.
[0043] In an embodiment, the Continuous Improvement Program (CIP) tracking system 118 can include a CIP Score calculator engine 118-1, and an Overall CIP dashboard 118-2. The CIP Score calculator engine 118-1 can be configured to display the Phishing Resistance Score (PRS) of the entity visualization dashboard. The overall CIP dashboard 118-2 can be configured to calculate and display the CIP score of the entity. The cybersecurity reporting dashboard 120 can be configured to store the cybersecurity metrics defined including PRS to report it to management.
[0044] In an embodiment, the user computing device and/or the user device (not shown in FIG. 1) may communicate with the system (100) via set of executable instructions residing on any operating system, including but not limited to, Android TM, iOS TM, Kai OS TM and the like. In an embodiment, user computing device and/or the user device (not shown in FIG. 1) may include, but not limited to, any electrical, electronic, electro-mechanical or an equipment or a combination of one or more of the above devices such as mobile phone, smartphone, virtual reality (VR) devices, augmented reality (AR) devices, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, mainframe computer, or any other computing device, wherein the computing device may include one or more in-built or externally coupled accessories including, but not limited to, a visual aid device such as camera, audio aid, a microphone, a keyboard, input devices for receiving input from a user such as touch pad, touch enabled screen, electronic pen and the like. It may be appreciated that the user computing device and/or the user device may not be restricted to the mentioned devices and various other devices may be used. A smart computing device may be one of the appropriate systems for storing data and other private/sensitive information.
[0045] In an exemplary embodiment, a network may include, by way of example but not limitation, at least a portion of one or more networks having one or more nodes that transmit, receive, forward, generate, buffer, store, route, switch, process, or a combination thereof, etc. one or more messages, packets, signals, waves, voltage or current levels, some combination thereof, or so forth. A network may include, by way of example but not limitation, one or more of: a wireless network, a wired network, an internet, an intranet, a public network, a private network, a packet-switched network, a circuit-switched network, an ad hoc network, an infrastructure network, a public-switched telephone network (PSTN), a cable network, a cellular network, a satellite network, a fiber optic network, some combination thereof.
[0046] In another exemplary embodiment, a centralized server operatively coupled to the system 100 may include or comprise, by way of example but not limitation, one or more of: a stand-alone server, a server blade, a server rack, a bank of servers, a server farm, hardware supporting a part of a cloud service or system, a home server, hardware running a virtualized server, one or more processors executing code to function as a server, one or more machines performing server-side functionality as described herein, at least a portion of any of the above, some combination thereof.
[0047] FIG. 2A illustrates an exemplary flowchart for calculating PRS, in accordance with an embodiment of the present invention.
[0048] In an embodiment, FIG. 2A illustrates the launching of anti-phishing exercises executed at step 202, which can be one of the vital steps in achieving the Phishing Resistance Score of the user. Simulated tailored emails are sent to the users from the Anti-phishing system to assess the user’s response to phishing attacks. The simulation system captures key responses: whether the user has read the mail, whether the user has clicked the mail, or whether the user has submitted sensitive data on a fake page. Once the email is sent to the user, the user’s reaction can be captured at step 204, and calculation of the user’s conformance score can be executed based on the response: if the user has clicked the link provided in the email, submitted data after clicking on the link, and if the user has reported it to the Security team promptly. More weightage can be given when the user reports the incident or suspicious email to the Cyber Security Team.
[0049] In an embodiment, the user’s awareness quotient 114-1 can be calculated at step 206, through the inputs such as mandatory course completion status, the number of virtual sessions attended by the user and participation in cybersecurity awareness campaigns and user’s phished status in the anti-phishing exercise. The end user can achieve the least score in case he/she is trained and yet gets phished. It indicates that the user has not grasped the Do’s and Don’ts mentioned during the training, which results in his/her getting a low score against the awareness quotient.
[0050] In an embodiment, at step 208, the entity’s cyber maturity score can be calculated by identifying the business that the user belongs to and its cybersecurity focus level. This score calculation also takes the phished status of the user from the anti-phishing exercise into account. At step 210, user’s security incident score can be calculated based on the number of incidents raised against the user in the case where the user would have violated the security policy and practices. At step 212, the complexity score can be derived based on the complexity of email, and the contextual period (time) when the simulated email was sent to user.
[0051] In an embodiment, at step 214, the phishing resistance score can be calculated based on results obtained from steps 204 to 212. Finally, at step 218, PRS can be published through a user interface to respective stakeholders and can be reported to management in the cyber security governance meetings. The calculation of PRS can be repeated after the completion of anti-phishing exercise every quarter, but not limited to the like.
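The flow of steps 204 to 214 described above can be sketched as follows. This is an added example, not code from the disclosure: the class and function names, every weight, the 0..1 ranges, the definition of "phished" and the band thresholds are assumptions, and the three sample campaigns are constructed after the phished / not phished / phished sequence of paragraph [0006].

```python
from dataclasses import dataclass

# Every weight, range and band threshold here is an assumption for illustration;
# the disclosure names the inputs to each score but not their numeric values.

@dataclass
class Response:              # step 204: reaction captured by the simulation
    clicked: bool
    submitted: bool
    reported: bool
    mail_complexity: float   # 0..1, how convincing the template is
    time_complexity: float   # 0..1, how plausible the send time is

    @property
    def phished(self) -> bool:   # assumed: a click or a submission counts
        return self.clicked or self.submitted

@dataclass
class History:               # attributes from the stored knowledgebase
    course_completed: bool
    sessions_attended: int
    campaigns_joined: int
    incidents: int           # policy violations raised against the user
    entity_focus: float      # 0..1 cybersecurity focus of the user's business

def conformance(r: Response) -> float:
    # Step 204: reporting carries the largest weight, as the description asks.
    return 0.3 * (not r.clicked) + 0.2 * (not r.submitted) + 0.5 * r.reported

def awareness(h: History, phished: bool) -> float:
    # Step 206: a trained user who is still phished gets the least score.
    if phished:
        return 0.0 if h.course_completed else 0.25
    training = (0.5 * h.course_completed
                + 0.3 * min(h.sessions_attended, 4) / 4
                + 0.2 * min(h.campaigns_joined, 2) / 2)
    return 0.5 + 0.5 * training

def entity_maturity(h: History, phished: bool) -> float:
    # Step 208: focus level of the user's business, halved when phished.
    return h.entity_focus * (0.5 if phished else 1.0)

def incident(h: History) -> float:
    # Step 210: each recorded incident lowers the score.
    return 1.0 / (1 + h.incidents)

def complexity(r: Response) -> float:
    # Step 212: resisting a hard mail earns more, and falling for a hard
    # mail costs less than falling for an easy one.
    difficulty = (r.mail_complexity + r.time_complexity) / 2
    return 0.5 * difficulty if r.phished else 0.5 + 0.5 * difficulty

WEIGHTS = {"conformance": 0.35, "awareness": 0.25, "maturity": 0.15,
           "incident": 0.15, "complexity": 0.10}

def prs(r: Response, h: History) -> float:
    # Step 214: weighted combination of the five scores on a 0..100 scale.
    scores = {
        "conformance": conformance(r),
        "awareness": awareness(h, r.phished),
        "maturity": entity_maturity(h, r.phished),
        "incident": incident(h),
        "complexity": complexity(r),
    }
    return round(100 * sum(WEIGHTS[k] * scores[k] for k in WEIGHTS), 1)

def categorize(score: float) -> str:
    # Predefined scale (assumed bands).
    if score >= 75:
        return "high"
    if score >= 40:
        return "moderate"
    return "low"

def score_campaigns(responses, h: History):
    # One (PRS, band) pair per campaign, so quarters can be compared.
    return [(prs(r, h), categorize(prs(r, h))) for r in responses]

# Constructed sample data: one trained user across three campaigns.
HISTORY = History(course_completed=True, sessions_attended=2,
                  campaigns_joined=1, incidents=1, entity_focus=0.8)
CAMPAIGNS = [
    Response(clicked=True, submitted=True, reported=False,
             mail_complexity=0.4, time_complexity=0.2),
    Response(clicked=False, submitted=False, reported=True,
             mail_complexity=0.6, time_complexity=0.4),
    Response(clicked=True, submitted=False, reported=True,
             mail_complexity=0.8, time_complexity=0.8),
]

if __name__ == "__main__":
    for n, (score, band) in enumerate(score_campaigns(CAMPAIGNS, HISTORY), 1):
        print(f"campaign {n}: PRS {score} ({band})")
```

The third campaign scores above the first even though the user was phished in both, because the click was followed by a report and the mail was harder to spot.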
[0052] In an embodiment, the system 100 may include one or more processors coupled with a memory, wherein the memory may store instructions which when executed by the one or more processors may cause the system to perform the generation of automated visual responses to a query. FIG. 2B with reference to FIG. 1, illustrates an exemplary representation of system 100 /centralized server for facilitating determination of cybersecurity awareness level of a user associated with an entity, in accordance with an embodiment of the present disclosure. In an aspect, the system 100 /centralized server may comprise one or more processor(s) 222. The one or more processor(s) 222 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, logic circuitries, and/or any devices that process data based on operational instructions. Among other capabilities, the one or more processor(s) 222 may be configured to fetch and execute computer-readable instructions stored in a memory 224 of the system 100. The memory 224 may be configured to store one or more computer-readable instructions or routines in a non-transitory computer readable storage medium, which may be fetched and executed to create or share data packets over a network service. The memory 224 may comprise any non-transitory storage device including, for example, volatile memory such as RAM, or non-volatile memory such as EPROM, flash memory, and the like.
[0053] In an embodiment, the system 100/centralized server may include an interface(s) 226. The interface(s) 226 may comprise a variety of interfaces, for example, interfaces for data input and output devices, referred to as I/O devices, storage devices, and the like. The interface(s) 226 may facilitate communication of the system 100. The interface(s) 226 may also provide a communication pathway for one or more components of the system 100 or the centralized server. Examples of such components include, but are not limited to, processing engine(s) 218 and a database 230.
[0054] The processing engine(s) 218 may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processing engine(s) 218. In examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the processing engine(s) 218 may be processor executable instructions stored on a non-transitory machine-readable storage medium and the hardware for the processing engine(s) 218 may comprise a processing resource (for example, one or more processors), to execute such instructions. In the present examples, the machine-readable storage medium may store instructions that, when executed by the processing resource, implement the processing engine(s) 218. In such examples, the system 100 /centralized server may comprise the machine-readable storage medium storing the instructions and the processing resource to execute the instructions, or the machine-readable storage medium may be separate but accessible to the system 100 /centralized server and the processing resource. In other examples, the processing engine(s) 218 may be implemented by electronic circuitry.
[0055] The processing engine 218 may include one or more engines selected from any of a data acquisition 222, an extraction engine 224, a PRS generator engine 226, a tracking engine 228 and other engines 240.
[0056] FIG. 2C illustrates an exemplary representation of the proposed method in accordance with an embodiment of the present disclosure. The method may facilitate determination of cybersecurity awareness level of a user associated with an entity. The method may be executed by a processor, and includes the steps of: at 252, receiving, at a processor, a set of data packets, wherein the set of data packets pertain to one or more responses from the user associated with a user computing device, the set of data packets pertaining to one or more responses of the user to a predefined query associated with an anti-phishing exercise; at 254, extracting, by the processor, a first set of attributes from the set of data packets received, the first set of attributes pertaining to the nature of responses received; and also at 254, extracting, by the processor, a second set of attributes from a stored knowledgebase of the user, wherein the knowledgebase may pertain to a plurality of past parameters associated with the user.
[0057] Further, the method may include at 256 the step of determining, by the processor, a set of scores based on the first and the second set of attributes extracted, wherein the set of scores pertain to any or a combination of an awareness quotient of the user, cyber security maturity score of the user, a security incident score of the user and a complexity score of the user; and at 258 generating, by a PRS generator engine, a phishing resistance score based on an execution of a predefined set of instructions on the set of scores determined.
[0058] The method may also include at 260, the step of categorizing, by a phishing awareness module, the user on a predefined scale based on the PRS score generated.
[0059] In an exemplary embodiment, FIG. 3A illustrates the methodology for calculating PRS. At the start step, the anti-phishing exercise can be launched, where emails 302 are sent to the users from the anti-phishing system 106 to assess the user’s response to phishing attacks. At step 302-1, the system 100 checks whether the email was opened; if the email was opened, then at step 302-2 the system 100 checks whether the hyperlink in the email was clicked. Further, at step 302-3 the system 100 checks whether the data was submitted, and at step 302-4 the system 100 checks whether the phishing email was reported. Correspondingly, the user awareness quotient 114-1 and entity maturity score 114-6 are accessed when the user clicks the email. The user awareness quotient 114-1 relates to factors such as whether the user has undergone the mandatory awareness course, learning and awareness sessions attended by the user, user participation in cyber awareness reinforcement programs, and the user’s score in assessments/quizzes. User awareness training can be key to educating employees on cyber security do’s and don’ts. Successful completion of these courses/sessions provides insight that the user has not only taken the course, but is already aware of cyber threats and has responsibility towards preventing them. The user’s phished status is provided as an input to calculate this score. The entity maturity score 114-6 relates to the entity to which the user belongs, which can be certified against an information security standard or benchmarked against industry best practices. The entity maturity score depicts that the entity is committed to adhering to cyber security practices, and that all employees have undergone extensive training on cyber security practices.
[0060] In an embodiment, the above data, i.e., whether the phishing email was reported at step 302-4, can be submitted to step 304 for calculating PRS, along with the user’s security incident history 114-3 and complexity 114-1. The complexity unit 114-4 can include mail complexity 114-41 and time complexity 114-42. Finally, at step 306, a final score 206 can be calculated.
[0061] Phishing campaigns are conducted on an ongoing basis in our organization. To gauge the effectiveness of the controls and improvement in the user awareness level, PRS can be considered as a metric. PRS can be calculated after every anti-phishing exercise and can be based on the parameters, which are related to initiatives taken to improve the user awareness level and user’s behavior in the past. These parameters can be multiple and can range from 1…n (P1, P2…Pn) in number. These metrics can also be customized as per the business environment.
[0062] In an embodiment, the parameters that can be considered for calculating the PRS are user conformance score, user awareness quotient, entity’s cyber maturity score, user’s security incident history, complexity unit 114-4, and previous PRS, as disclosed in Fig. 2B. System 100 can be implemented for calculating the PRS for multiple entities as well as for individual users. One of the important factors in determining the parameters that can yield a 100% PRS can be the individual’s responsible behavior and adherence to cybersecurity practices in the organization (zero violations), together with the individual’s response to a phishing email, i.e., not only correctly identifying the phishing email but also reporting it to our Cybersecurity team. On the other hand, the least score of an individual or an entity could be as low as 8%, as we consider only the email and time complexity parameters of the simulated phishing email sent to the user, and the rest of the parameters are set to zero.
Pn=
pn = PRS score of an individual after n campaign
P1 = (0,2,4,6,8,10,12);
p2=(0,2,4,6);
p3=(0,3,6);
p4=(1,3,5);
p5 = (2,4,6,8,10)
p6 = PRSn-1
PRS Score of a Business Unit where n indicates employee score.
PRSN=
[0063] In an exemplary embodiment, for instance, the PRS can be calculated by considering its parameters as follows:

# | Parameter | Value | Highest Value | Lowest Value

P1 | User Conformance Score | Highest Value: 12 | Lowest Value: 0
Weightage | Status
12 | Read Reported
10 | Clicked Reported
8 | Read Not Reported
6 | Not Reported
4 | Clicked Not Reported
2 | Submitted Reported
0 | Submitted Non-Reported

P2 | User Awareness Quotient | Highest Value: 6 | Lowest Value: 0
 | Phished | Not Phished
Trained | 0 | 6
Not Trained | 2 | 4

P3 | Entity’s Cyber Maturity Score | Highest Value: 6 | Lowest Value: 0
? | Phished | Not Phished
No | 3 | 6
Yes | 0 | 6

P4 | User’s Past Security Incident History | Highest Value: 5 | Lowest Value: 1
Weightage is 5: No. of security incidents against the user is 0
Weightage is 3: No. of security incidents against the user is 1
Weightage is 1: No. of security incidents against the user is above 1

P5 | Complexity | Highest Value: 10 | Lowest Value: 2
Mail complexity – 5, 3, 1 (High, Medium, Low)
Time complexity – 5, 3, 1 (High, Medium, Low)

P6 | Previous score | -

Total | Highest Value: 100 % | Lowest Value: 8 %

Calculation method =>>
Pn=
pn = PRS score of an individual after n campaign
P1 = (0,2,4,6,8,10,12);
p2=(0,2,4,6);
p3=(0,3,6);
p4=(1,3,5);
p5 = (2,4,6,8,10)
p6 = PRSn-1
PRS Score after Business Unit N of a specific Campaign where employee is n
PRSN=
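The following Python example is added here and is not code from the specification: it looks up P1 to P5 from the parameter table above for one user's campaign result. The combining formula did not survive on this page, so the percentage is an assumption (sum of P1 to P5 divided by the sum of their highest values, 39, which reproduces the table's 100 % and 8 % totals); P6 is left out, and the field names, the `entity_row_yes` flag for the P3 row whose header is lost, and the rejection of inputs the table does not list are this example's own choices.

```python
from dataclasses import dataclass

# P1 user conformance score: weightage per status, as listed in the table
# (keys lower-cased so the lookup is case-insensitive).
P1_CONFORMANCE = {
    "read reported": 12,
    "clicked reported": 10,
    "read not reported": 8,
    "not reported": 6,
    "clicked not reported": 4,
    "submitted reported": 2,
    "submitted non-reported": 0,
}
# P2 user awareness quotient, keyed by (trained, phished).
P2_AWARENESS = {(True, True): 0, (True, False): 6,
                (False, True): 2, (False, False): 4}
# P3 entity cyber maturity score, keyed by (table row is "Yes", phished).
P3_MATURITY = {(False, True): 3, (False, False): 6,
               (True, True): 0, (True, False): 6}
# P5 complexity levels, used for both mail and time complexity.
COMPLEXITY = {"high": 5, "medium": 3, "low": 1}
# Assumption: normalise by the sum of the "Highest Value" column (39).
MAX_TOTAL = 12 + 6 + 6 + 5 + 10


@dataclass(frozen=True)
class CampaignResult:
    """One user's outcome in one exercise (field names are hypothetical)."""
    status: str            # a P1 status string from the table
    phished: bool          # phished / not phished, as reported by the platform
    trained: bool          # P2 row: Trained / Not Trained
    entity_row_yes: bool   # P3 row: Yes / No (column header lost on the page)
    incidents: int         # security incidents recorded against the user
    mail_complexity: str   # High / Medium / Low
    time_complexity: str   # High / Medium / Low


def incident_weight(incidents: int) -> int:
    """P4: 5 for no incidents, 3 for exactly one, 1 for more than one."""
    if incidents < 0:
        raise ValueError("incident count cannot be negative")
    if incidents == 0:
        return 5
    return 3 if incidents == 1 else 1


def component_scores(r: CampaignResult) -> dict:
    """Return P1..P5 for one result, rejecting values the table does not list."""
    status = r.status.strip().lower()
    if status not in P1_CONFORMANCE:
        raise ValueError(f"status not in the P1 table: {r.status!r}")
    levels = [r.mail_complexity.strip().lower(),
              r.time_complexity.strip().lower()]
    for level in levels:
        if level not in COMPLEXITY:
            raise ValueError(f"unknown complexity level: {level!r}")
    return {
        "P1": P1_CONFORMANCE[status],
        "P2": P2_AWARENESS[(r.trained, r.phished)],
        "P3": P3_MATURITY[(r.entity_row_yes, r.phished)],
        "P4": incident_weight(r.incidents),
        "P5": sum(COMPLEXITY[level] for level in levels),
    }


def prs_percent(r: CampaignResult) -> int:
    """Assumed normalisation: sum of P1..P5 over MAX_TOTAL, as a rounded percent."""
    return round(100 * sum(component_scores(r).values()) / MAX_TOTAL)


# Constructed sample results (not data from the page).
BEST = CampaignResult("Read Reported", False, True, True, 0, "High", "High")
WORST = CampaignResult("Submitted Non-Reported", True, True, True, 2, "Low", "Low")
MIXED = CampaignResult("Clicked Not Reported", True, False, False, 1, "Medium", "Low")

if __name__ == "__main__":
    for name, result in (("best", BEST), ("worst", WORST), ("mixed", MIXED)):
        print(name, component_scores(result), f"{prs_percent(result)} %")
```
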
[0064] FIG. 3B illustrates an exemplary architecture of an anti-phishing platform of the proposed system, in accordance with an embodiment of the present invention.
[0065] As illustrated, in an embodiment, the anti-phishing platform architecture 300 can be configured for creating the user conformance score. The anti-phishing platform 106 can include several components, which can be tasked sequentially. The modules of the anti-phishing platform 106 are the phishing email template repository unit 106-1, the internal configuration unit 106-2, the campaign generator 106-3, the dashboard generator 106-4, the campaign result tracker unit 106-5, the user response processor 106-6, the email application 106-7, the phishing awareness module 106-8 and the database 106-9. The phishing email template 106-1 can be configured to create customised phishing mail templates. The internal configuration unit 106-2 can be utilized to configure the target domain along with the user list of the organization. The campaign generator 106-3 can be configured to generate a campaign based on the predefined parameters, the phishing email template repository 106-1 and the internal configuration unit 106-2. The email application 106-7 can be configured to send mails to the target recipients as configured in the campaign generator 106-3. Emails can be triggered as per the campaign generator 106-3, which can be created as per the configured schedule. The phishing awareness module 106-8 can provide details of the users who have clicked on the link and provided sensitive data and are redirected to tailored educational pages. This module can be responsible for hosting campaign-specific learning pages on phishing. The user response processor 106-6 can be configured to capture users' responses to phishing emails. The campaign result tracker unit 106-5 can be configured to provide a real-time tracker of users' responses based on the output received by the user response processor and updates the result on the dashboard. Finally, after completion of the campaign, the anti-phishing platform 106 provides the detailed result for the specific campaign along with user statistics such as opened email, clicked on the phishing link, submitted the credentials, reported to the security team, and the like. All the user statistics that make up the user conformance score are fed into the PRS generator engine for PRS creation. The phishing status (phished or not phished) can be sent to the PRS engine as an input to calculate the User awareness quotient and Entity Maturity Score.
[0066] FIG. 4 illustrates exemplary architecture of a PRS generator engine of the proposed system, in accordance with an embodiment of the present invention.
[0067] As illustrated, in an embodiment, Fig. 4 depicts PRS Generator Engine Architecture 400. The PRS generator engine 114 can include a user awareness quotient generator unit 114-1, a user conformance score generator unit 114-2, a users’ security incident history unit 114-3, a complexity score generator unit 114-4, a historical PRS data 114-5, an entity cyber maturity score unit 114-6, and a database 114-7. The user awareness quotient generator unit 114-1 can include data such as the mandatory cyber security course completed by the user, the number of sessions on cyber security attended by the user, the cyber pledge taken by the user, details on quizzes/assessments cleared by the user, and the like. These details are sent to the PRS engine for calculation of the user awareness quotient. Also, the user awareness quotient generator unit 114-1 can include user awareness status 114-11 and published status 114-21, which are computed to arrive at the user awareness score 114-31. The user conformance score generator unit 114-2 can be configured to generate the user conformance score 114-21 by utilizing several statuses of the email such as mail opened 202-1, link clicked 202-2, data submitted 202-3 and reported 202-4. The user’s conformance score 114-21 can include the user’s performance in the recent phishing exercise – phished/not phished or reported to the concerned authority, and the like, where weightage can be provided for each of the parameters. The user reporting the received phishing email to Security teams can be emphasized and aids in obtaining the maximum score. The count of genuine phishing attempts identified and reported by the user can also be considered, based on a weightage.
[0068] Further, the user’s security incident history unit 114-3 stores the information security violations committed by the user in the past. The user’s security incident history unit 114-3 can include security incidents against users 114-31 and incident quotient 114-32. The complexity score generator unit 114-4 can be configured to generate a complexity score 114-42 by utilizing time complexity 114-41 and mail complexity 114-42. The historical PRS data 114-5 can be configured to store historical records of previous PRS results of an individual user. The entity cyber maturity score 114-63 can be generated based on entity cyber maturity 114-61 and published status 114-62, which can be based on the performance of users belonging to their business in the recent anti-phishing exercise and the entity cyber maturity status of the organization from the cyber security maturity tracking system.
[0069] FIG. 5 illustrates exemplary metrics presented in a cyber-security steering committee meeting upon implementation of the proposed system and method, in accordance with an embodiment of the present invention.
[0070] As illustrated, in an embodiment, Fig. 5 illustrates a system 500, where PRS scores for each entity of a company can be shared with senior management in all the governance meetings and also to the individual business heads to receive their feedback and plan further course of action. The company’s board can be apprised based on the score, and this can be one of the standard metrics that can be planned to present in every board meeting so as to show improvement. This can also help to benchmark against the peer business/functions in case of a conglomerate and could be added to the information security score card, continuous improvement programs, etc.
[0071] FIGs. 6A and 6B illustrate exemplary metrics presented using a bar graph in a Board meeting upon implementation of the proposed system and method, in accordance with an embodiment of the present invention.
[0072] In an embodiment, the continuous improvement program can be based on industry best maturity models, CMMI, COBIT, NIST, etc. It primarily assesses the cyber security posture of each business and then defines the target maturity level to be achieved as required for the business. The maturity levels can be identified across five functional areas namely governance, policy & processes, security architecture, system security, monitoring and log management and people and 5 maturity levels are defined against each area. Against the people area, the control objective can be stated as the tracking of improvement of the Phishing Resistance Score. In situations where the Phishing Resistance Score for the entity has reduced when compared to the previous year, the maturity level goes down, which in turn impacts the maturity level of the organization. These values are presented to the management in the cyber security board meetings. Also, the data depicted in FIGs. 6A and 6B are only for illustrative purposes.
[0073] In an embodiment, the current PRS score can also help to strategize our further campaigns to improve the PRS and get it as close to 100% and achieve resilience towards phishing attacks at an individual as well as the entity level.
[0074] In another embodiment, advantages of the proposed system can provide better understanding of the current user awareness level so that the next steps for improvement either through anti-phishing campaigns or training programs can be planned. Further, the proposed system can aid in identifying the effectiveness of the last line of defence control i.e. the human firewall, which can be employees for each business unit. Also, the proposed system assists in improving the cyber security maturity score of the business. The proposed system can also aid in building Cyber resilience for each user and business. The proposed system provides overall improvement of the cyber security posture of the organization.
[0075] FIG. 7 illustrates an exemplary computer system in which or with which embodiments of the present invention can be utilized in accordance with embodiments of the present disclosure. As shown in FIG. 7, computer system 700 can include an external storage device 710, a bus 720, a main memory 730, a read only memory 740, a mass storage device 750, communication port 760, and a processor 770. A person skilled in the art will appreciate that the computer system may include more than one processor and communication ports. Examples of processor 770 include, but are not limited to, an Intel® Itanium® or Itanium 2 processor(s), or AMD® Opteron® or Athlon MP® processor(s), Motorola® lines of processors, FortiSOC™ system on chip processors or other future processors. Processor 770 may include various modules associated with embodiments of the present invention. Communication port 760 can be any of an RS-232 port for use with a modem based dialup connection, a 10/100 Ethernet port, a Gigabit or 10 Gigabit port using copper or fiber, a serial port, a parallel port, or other existing or future ports. Communication port 760 may be chosen depending on a network, such as a Local Area Network (LAN), Wide Area Network (WAN), or any network to which the computer system connects. Memory 730 can be Random Access Memory (RAM), or any other dynamic storage device commonly known in the art. Read-only memory 740 can be any static storage device(s) e.g., but not limited to, a Programmable Read Only Memory (PROM) chips for storing static information e.g., start-up or BIOS instructions for processor 770. Mass storage 750 may be any current or future mass storage solution, which can be used to store information and/or instructions. 
Exemplary mass storage solutions include, but are not limited to, Parallel Advanced Technology Attachment (PATA) or Serial Advanced Technology Attachment (SATA) hard disk drives or solid-state drives (internal or external, e.g., having Universal Serial Bus (USB) and/or Firewire interfaces), e.g. those available from Seagate (e.g., the Seagate Barracuda 872 family) or Hitachi (e.g., the Hitachi Deskstar 8K700), one or more optical discs, Redundant Array of Independent Disks (RAID) storage, e.g. an array of disks (e.g., SATA arrays), available from various vendors including Dot Hill Systems Corp., LaCie, Nexsan Technologies, Inc. and Enhance Technology, Inc.
[0076] Bus 720 communicatively couples processor(s) 770 with the other memory, storage and communication blocks. Bus 720 can be, e.g. a Peripheral Component Interconnect (PCI) / PCI Extended (PCI-X) bus, Small Computer System Interface (SCSI), USB or the like, for connecting expansion cards, drives and other subsystems as well as other buses, such as a front side bus (FSB), which connects processor 770 to the software system.
[0077] Optionally, operator and administrative interfaces, e.g. a display, keyboard, and a cursor control device, may also be coupled to bus 720 to support direct operator interaction with a computer system. Other operator and administrative interfaces can be provided through network connections connected through communication port 760. The external storage device 710 can be any kind of external hard-drives, floppy drives, IOMEGA® Zip Drives, Compact Disc - Read Only Memory (CD-ROM), Compact Disc-Re-Writable (CD-RW), Digital Video Disk-Read Only Memory (DVD-ROM). Components described above are meant only to exemplify various possibilities. In no way should the aforementioned exemplary computer system limit the scope of the present disclosure.
[0078] Thus, the present disclosure provides a unique and inventive solution for determining the phishing resistance score (PRS) of a user based on a unique set of parameters. The system may further use a method to determine a user Conformance Score and a user Awareness Quotient. The system and method may also calculate an overall CIP score based on the PRS score of each user associated with the entity.
[0079] While considerable emphasis has been placed herein on the preferred embodiments, it will be appreciated that many embodiments can be made and that many changes can be made in the preferred embodiments without departing from the principles of the invention. These and other changes in the preferred embodiments of the invention will be apparent to those skilled in the art from the disclosure herein, whereby it is to be distinctly understood that the foregoing descriptive matter to be implemented merely as illustrative of the invention and not as limitation.

ADVANTAGES OF THE PRESENT DISCLOSURE
[0080] The present disclosure provides for a system and a method for facilitating understanding a current user awareness level so that the next steps for improvement either through anti-phishing campaigns or training programs can be planned.
[0081] The present disclosure provides for a system and a method that helps in identifying the effectiveness of the last line of defense control i.e., the human firewall.
[0082] The present disclosure provides for a system and a method that assists in improving the cyber security maturity score of the entity.
[0083] The present disclosure provides for a system and a method that aids in building cyber resilience for each user and the entity.
[0084] The present disclosure provides for a system and a method that helps in overall improvement of the cyber security posture of the organization.

CLAIMS:
1. A system (100) for facilitating determination of cybersecurity awareness level of a user associated with an entity, the system comprising:
one or more processors (222) coupled with a memory (224), wherein said memory (224) stores instructions which when executed by the one or more processors (222) causes said system to:
receive, a set of data packets, wherein the set of data packets pertain to one or more responses from the user associated with a user computing device, wherein the one or more responses of the user (102-1) correspond to a predefined query associated with an anti-phishing exercise generated by an anti-phishing module (106) operatively coupled to the processor (222);
extract, a first set of attributes from the set of data packets received, said first set of attributes pertaining to the nature of responses received;
extract, a second set of attributes from a stored knowledgebase of the user, said knowledgebase pertains to a plurality of past parameters associated with the user stored in a user awareness management module (104) communicatively coupled to the processor;
determine, a set of scores based on the first and the second set of attributes extracted, wherein the set of scores pertain to a predefined set of parameters associated with cyber security;
generate, by a PRS generator engine (114), a phishing resistance score (PRS) based on an execution of a predefined set of instructions on the set of scores determined; and
categorize, by a phishing awareness module (106-8), the user (102-1) on a predefined scale based on the PRS score generated.
2. The system as claimed in claim 1, wherein the predefined set of parameters comprise any or a combination of an awareness quotient of the user, cyber security maturity score of the user, a user conformance score, a security incident score of the user, historical PRS data of the user for a predefined amount of time, and a complexity score of the user, wherein the awareness quotient of the user is based on any or a combination of a course completion status, number of virtual sessions attended by the user and participation in cyber security awareness campaigns and status of the user in an anti-phishing exercise.
3. The system as claimed in claim 2, wherein the cyber maturity score is based on identifying a business the user belongs to and the cyber security focus level of the user, wherein the Security Incident Score of the user is based on a number of incidents raised against the user in case where user would have violated the security policy and practices, and wherein the complexity score is based on a complexity of the predefined query and contextual period of time when the predefined query was sent to the user.
4. The system as claimed in claim 1, wherein the anti-phishing module 106 comprises a phishing email template repository 106-1, an internal configuration unit 106-2, a campaign generator 106-3, a dashboard generator 106-4, a campaign result tracker unit 106-5, a user response processer 106-6, an email application 106-7, a phishing awareness module 106-8, and a database 106-9, wherein the predefined query is stored in the phishing email template repository 106-1 and comprises one or more custom, tailored email templates to be sent to the user (102-1).
5. The system as claimed in claim 4, wherein the internal configuration unit 106-2 is configured to set one or more phishing campaign parameters for the anti-phishing exercise.
6. The system as claimed in claim 4, wherein the campaign generator 106-3 is configured to create a specific phishing campaign based on one or more phishing parameters set, wherein the campaign result tracker unit 106-5 is configured to generate results of the specific phishing campaign.
7. The system as claimed in claim 4, wherein the phishing awareness module 106-8 renders an information to a phished user in real time.
8. The system as claimed in claim 1, wherein an incident management module 108 operatively coupled to the processor comprises a user response tracker 108-1, incident records module 108-2 and a database 108-3, wherein the user response tracker unit 108-1 tracks the responses of the user on the predefined query received and reported by the users, and wherein the incident records module 108-2 provides security incidents raised against one user at a predefined time.
9. The system as claimed in claim 1, wherein a cyber security maturity tracking module 110 operatively coupled to the processor stores an information on the entity and security certification details of the entity.
10. The system as claimed in claim 1, wherein a continuous Improvement Program (CIP) tracking module 118 calculates and displays a CIP score of the entity based on the PRS score of each user associated with the entity.
11. A method for facilitating determination of cybersecurity awareness level of a user associated with an entity, the method comprising:
receiving, at a processor 222, a set of data packets, wherein the set of data packets pertain to one or more responses from the user associated with a user computing device, said set of data packets pertaining to one or more responses of the user to a predefined query associated with an anti-phishing exercise;
extracting, by the processor 222, a first set of attributes from the set of data packets received, said first set of attributes pertaining to the nature of responses received;
extracting, by the processor 222, a second set of attributes from a stored knowledgebase of the user, said knowledgebase pertains to a plurality of past parameters associated with the user;
determining, by the processor 222, a set of scores based on the first and the second set of attributes extracted, wherein the set of scores pertain to any or a combination of an awareness quotient of the user, cyber security maturity score of the user, a security incident score of the user and a complexity score of the user;
generating, by a PRS generator engine 114, a phishing resistance score (PRS) based on an execution of a predefined set of instructions on the set of scores determined; and
categorizing, by a phishing awareness module 106-8, the user on a predefined scale based on the PRS score generated.
12. The method as claimed in claim 11, wherein the predefined set of parameters comprise any or a combination of a user awareness quotient of the user, cyber security maturity score of the user, a user conformance score, a security incident score of the user, historical PRS data of the user, and a complexity score of the user, wherein the awareness quotient of the user is based on any or a combination of a course completion status, number of virtual sessions attended by the user and participation in cyber security awareness campaigns and status of the user in an anti-phishing exercise.
13. The method as claimed in claim 12, wherein the method further comprises:
identifying a business the user belongs to and the cyber security focus level of the user to calculate the cyber maturity score, wherein the security Incident score of the user is based on a number of incidents raised against the user in case where user would have violated the security policy and practices, and wherein the complexity score is based on a complexity of the predefined query and contextual period of time when the predefined query was sent to the user.
14. The method as claimed in claim 11, wherein the anti-phishing module comprises a phishing email template repository 106-1, an internal configuration unit 106-2, a campaign generator 106-3, a dashboard generator 106-4, a campaign result tracker unit 106-5, a user response processer 106-6, an email application 106-7, a phishing awareness module 106-8, and a database 106-9, wherein the predefined query is stored in the phishing email template repository 106-1 and comprises one or more custom, tailored email templates to be sent to the user.
15. The method as claimed in claim 14, wherein the method further comprises:
configuring an internal configuration unit 106-2 to set phishing campaign parameters for the anti-phishing exercise, and configuring the campaign generator 106-3 to create a specific phishing campaign based on one or more phishing parameters set, wherein the campaign result tracker unit 106-5 is configured to generate results of the specific phishing campaign.
16. The method as claimed in claim 14, wherein the method further comprises:
rendering by a phishing awareness module 106-8, an information to a phished user in real time.
17. The method as claimed in claim 11, wherein an incident management module operatively coupled to the processor comprises a user response tracker 108-1, an incident records module 108-2 and a database 108-3.
18. The method as claimed in claim 17, wherein the method further includes:
tracking, by the user response tracker unit 108-1, the responses of the user on the predefined query received and reported by the users, and wherein the incident records module 108-2 provides security incidents raised against one user at a predefined time.
19. The method as claimed in claim 11, wherein the method further includes storing, at a cyber security maturity tracking module 110 operatively coupled to the processor, an information on the entity and security certification details of the entity.
20. The method as claimed in claim 11, wherein the method further comprises:
calculating and displaying, by a Continuous Improvement Program (CIP) tracking module 118, a CIP score of the entity based on the PRS score of each user associated with the entity.

Documents

Application Documents

# Name Date
1 202121014378-STATEMENT OF UNDERTAKING (FORM 3) [30-03-2021(online)].pdf 2021-03-30
2 202121014378-PROVISIONAL SPECIFICATION [30-03-2021(online)].pdf 2021-03-30
3 202121014378-FORM 1 [30-03-2021(online)].pdf 2021-03-30
4 202121014378-DRAWINGS [30-03-2021(online)].pdf 2021-03-30
5 202121014378-DECLARATION OF INVENTORSHIP (FORM 5) [30-03-2021(online)].pdf 2021-03-30
6 202121014378-Proof of Right [18-05-2021(online)].pdf 2021-05-18
7 202121014378-FORM-26 [15-06-2021(online)].pdf 2021-06-15
8 202121014378-ENDORSEMENT BY INVENTORS [04-03-2022(online)].pdf 2022-03-04
9 202121014378-DRAWING [04-03-2022(online)].pdf 2022-03-04
10 202121014378-CORRESPONDENCE-OTHERS [04-03-2022(online)].pdf 2022-03-04
11 202121014378-COMPLETE SPECIFICATION [04-03-2022(online)].pdf 2022-03-04
12 202121014378-FORM 18 [08-03-2022(online)].pdf 2022-03-08
13 202121014378-Covering Letter [24-03-2022(online)].pdf 2022-03-24
14 202121014378 CORRESPONDANCE (IPO) WIPO DAS 04-04-2022.pdf 2022-04-04
15 Abstract1.jpg 2022-05-09
16 202121014378-FER.pdf 2022-11-14
17 202121014378-FORM-8 [25-01-2023(online)].pdf 2023-01-25
18 202121014378-FER_SER_REPLY [13-05-2023(online)].pdf 2023-05-13
19 202121014378-CORRESPONDENCE [13-05-2023(online)].pdf 2023-05-13
20 202121014378-COMPLETE SPECIFICATION [13-05-2023(online)].pdf 2023-05-13
21 202121014378-CLAIMS [13-05-2023(online)].pdf 2023-05-13
22 202121014378-PatentCertificate19-02-2025.pdf 2025-02-19
23 202121014378-IntimationOfGrant19-02-2025.pdf 2025-02-19
24 202121014378-FORM-26 [28-02-2025(online)].pdf 2025-02-28

Search Strategy

1 Searchstrategyofamendedstage202121014378AE_09-12-2024.pdf
2 SearchHistoryE_14-11-2022.pdf

ERegister / Renewals

3rd: 12 Apr 2025

From 30/03/2023 - To 30/03/2024

4th: 12 Apr 2025

From 30/03/2024 - To 30/03/2025

5th: 12 Apr 2025

From 30/03/2025 - To 30/03/2026

6th: 12 Apr 2025

From 30/03/2026 - To 30/03/2027