Securing Information Assets: Understanding, Measuring and Protecting against Social Engineering Attacks

↓ Direkt till sidans innehåll
↓ Direkt till sidans sekundära innehåll (sidomenyn)

Sökning: id:"swepub:oai:DiVA.org:su-8379" > Securing Informatio...

1 av 1
Föregående post
Nästa post
Till träfflistan

Securing Information Assets : Understanding, Measuring and Protecting against Social Engineering Attacks

Nohlberg, Marcus (författare): Högskolan i Skövde,Stockholms universitet,Institutionen för data- och systemvetenskap,Institutionen för kommunikation och information,Forskningscentrum för Informationsteknologi

Wangler, Benkt, Professor (preses): Stockholms universitet,Institutionen för data- och systemvetenskap

Kowalski, Stewart, Doctor (preses): Stockholms universitet,Institutionen för data- och systemvetenskap

visa fler...

Sasse, Angela, Professor (opponent): University College, London

visa färre...

(creator_code:org_t)

ISBN 9789171557865
Kista : Institutionen för data- och systemvetenskap (tills m KTH), 2008
Engelska 97 s.
Serie: Report Series / Department of Computer & Systems Sciences, 1101-8526 ; 09-001

Relaterad länk:: https://su.diva-port... (primary) (Raw object); visa fler...; http://urn.kb.se/res...; https://urn.kb.se/re...; https://urn.kb.se/re...; visa färre...

Doktorsavhandling (övrigt vetenskapligt/konstnärligt)

Abstract Ämnesord

Stäng

Social engineering denotes, within the realm of security, a type of attack against the human element during which the assailant induces the victim to release information or perform actions they should not. Our research on social engineering is divided into three areas: understanding, measuring and protecting. Understanding deals with finding out more about what social engineering is, and how it works. This is achieved through the study of previous work in information security as well as other relevant research areas. The measuring area is about trying to find methods and approaches that put numbers on an organization’s vulnerability to social engineering attacks. Protecting covers the ways an organization can use to try to prevent attacks. A common approach is to educate the users on typical attacks, assailants, and their manipulative techniques. In many cases there are no preventive techniques, dealing with the human element of security, in place.The results show that social engineering is a technique with a high probability of success. Furthermore, defense strategies against it are complicated, and susceptibility to it is difficult to measure. Important contributions are a model describing social engineering attacks and defenses, referred to as the Cycle of Deception, together with a thorough discussion on why and how social engineering works. We also propose new ways of conducting social engineering penetration testing and outline a set of recommendations for protection. It is crucial to involve managers more, but also to train the users with practical exercises instead of theoretical education, for example, by combining measuring exercises and penetration testing with training. We also discuss the future threat of Automated Social Engineering, in which software with a simple form of artificial intelligence can be used to act as humans using social engineering techniques online, making it quite hard for Internet users to trust anyone they communicate with online.

Ämnesord

NATURVETENSKAP -- Data- och informationsvetenskap -- Systemvetenskap, informationssystem och informatik (hsv//swe)
NATURAL SCIENCES -- Computer and Information Sciences -- Information Systems (hsv//eng)

Nyckelord

Computer and systems science
Data- och systemvetenskap
Computer and Systems Sciences
data- och systemvetenskap
Teknik

Publikations- och innehållstyp

vet (ämneskategori)
dok (ämneskategori)

Hitta via bibliotek

Securing Information Assets Understanding, Measuring and Protecting against Soci... (Sök publikationen i LIBRIS)

Till lärosätets databas

1 av 1
Föregående post
Nästa post
Till träfflistan

Hitta mer i SwePub

Av författaren/redakt...: Nohlberg, Marcus; Wangler, Benkt, ...; Kowalski, Stewar ...; Sasse, Angela, P ...

Om ämnet

NATURVETENSKAP: NATURVETENSKAP; och Data och informa ...; och Systemvetenskap ...

Delar i serien: Report Series / ...

Av lärosätet: Stockholms universitet; Högskolan i Skövde

Sök utanför SwePub

Sök vidare i:: Google; Google Book Search; Google Scholar

Kungliga biblioteket hanterar dina personuppgifter i enlighet med EU:s dataskyddsförordning (2018), GDPR. Läs mer om hur det funkar här.
Så här hanterar KB dina uppgifter vid användning av denna tjänst.

LIBRIS.kb.se