Phishing with Gifts as Bait: Measurement and Analysis of Phishing Attacks within a University Environment
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
Manuscript (Other academic)
Identifiers
URN: urn:nbn:se:su:diva-25674
OAI: oai:DiVA.org:su-25674
DiVA: diva2:200189
Note
Part of urn:nbn:se:su:diva-8379
Available from: 2008-12-18 Created: 2008-12-15 Last updated: 2010-01-13 Bibliographically approved
In thesis
1. Securing Information Assets: Understanding, Measuring and Protecting against Social Engineering Attacks
2008 (English) Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Social engineering denotes, within the realm of security, a type of attack against the human element during which the assailant induces the victim to release information or perform actions they should not. Our research on social engineering is divided into three areas: understanding, measuring and protecting. Understanding deals with finding out more about what social engineering is, and how it works. This is achieved through the study of previous work in information security as well as other relevant research areas. The measuring area is about trying to find methods and approaches that put numbers on an organization’s vulnerability to social engineering attacks. Protecting covers the ways an organization can use to try to prevent attacks. A common approach is to educate the users on typical attacks, assailants, and their manipulative techniques. In many cases there are no preventive techniques, dealing with the human element of security, in place.

The results show that social engineering is a technique with a high probability of success. Furthermore, defense strategies against it are complicated, and susceptibility to it is difficult to measure. Important contributions are a model describing social engineering attacks and defenses, referred to as the Cycle of Deception, together with a thorough discussion on why and how social engineering works. We also propose new ways of conducting social engineering penetration testing and outline a set of recommendations for protection. It is crucial to involve managers more, but also to train the users with practical exercises instead of theoretical education, for example, by combining measuring exercises and penetration testing with training. We also discuss the future threat of Automated Social Engineering, in which software with a simple form of artificial intelligence can be used to act as humans using social engineering techniques online, making it quite hard for Internet users to trust anyone they communicate with online.

Place, publisher, year, edition, pages
Kista: Department of Computer and Systems Sciences (jointly with KTH), 2008. 97 pp.
Series
Report Series / Department of Computer & Systems Sciences, ISSN 1101-8526 ; 09-001
National subject category
Information Systems
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-8379 (URN)
978-91-7155-786-5 (ISBN)
Public defence
2009-01-15, hall C, Forum, Isafjordsgatan 39, Kista, 13:00
Opponent
Supervisors
Available from: 2008-12-18 Created: 2008-12-15 Bibliographically approved

Open Access in DiVA

No full text available
