Spelling suggestions: "subject:"human hacking"" "subject:"suman hacking""
1 |
„Das perfekte Opfer“ – eine Analyse sicherheitsbezogener Einstellungen und Verhaltensweisen im Internet in Abhängigkeit der NutzerpersönlichkeitStaar, Henning, Wilms, Rafael, Hinrichs, Judith 30 April 2019 (has links)
Jüngere theoretische Beiträge und empirische Studien zur Informations- und Datensicherheit widmen sich diesem Themenbereich des Social Engineering verstärkt interdisziplinär und rücken dabei neben täterbezogenen Analysen (z.B. Watson, Holz & Mueller, 2008) vor allem gruppen- bzw. kulturbezogenen Aspekte (Flores, Holm, Nohlberg & Ekstedt, 2014; Tembe et al., 2014) als auch individuelle Charakteristika wie Persönlichkeitsmerkmale der (potentiellen) Opfer in den Fokus (z.B. Uebelacker & Quiel, 2014; Pattinson, Jerram, Parsons, McCormac & Butavicius, 2012;Vishwanath, Herath, Chen, Wang & Raghav Rao, 2011). Trotz der gegenwärtigen intensiven Beschäftigung mit dem Thema fehlen jedoch weiterhin eindeutige bedingungs- und personenbezogene Handlungsimplikationen zum Umgang mit den genannten Formen des Datendiebstahls (Gupta, Tewari, Jain & Agrawal, 2017). Ein möglicher Grund mag in der vergleichsweise häufigen Reduktion individueller Charakteristika auf die zentralen Persönlichkeitsmerkmale („Big 5“; Rammstedt, Kemper, Klein, Beierlein & Kovalena, 2012) liegen. Zugrundeliegende Motive oder Werte von Personen werden hingegen bislang unzureichend betrachtet (Fazio, Blascovich & Driscoll, 1992). Darüber hinaus beziehen bislang nur wenige Studien sowohl umfassende psychologische Befragungsinventare zu sicherheitsbezogenen Einstellungen, Verhaltensweisen und individuellen Personenmerkmalen als auch die Beurteilung von E-Mails oder Websites hinsichtlich der Vertrauenswürdigkeit und Handlungsbereitschaft in ihre Analysen ein. Der vorliegende Beitrag verfolgt mit einem entsprechenden Studiendesign das Ziel, diese Lücke weiter zu schließen und Erkenntnisse zu personenbezogenen Einflüssen auf die Informations- und Datensicherheit zu generieren. [Aus der Einleitung.]
|
2 |
Awareness-Raising and Prevention Methods of Social Engineering for Businesses and IndividualsHarth, Dominik, Duernberger, Emanuel January 2022 (has links)
A system is only as secure as the weakest link in the chain. Humans are the binding link between IT (information technology) security and physical secu-rity. In general, the human is often considered as the weakest link in the chain, so social engineering attacks are used to manipulate or trick people to accom-plish the goal of bypassing security systems. Within this master thesis, we answer several research questions related to social engineering. Most im-portant is to find out why humans are considered as the weakest link and why existing guidelines are failing, as well as to achieve the goal of raising aware-ness and starting education at a young age. For this, we examine existing lit-erature on the subject and create experiments, an interview, a campaign eval-uation, and a survey. Our systematic work begins with an introduction, the methodology, a definition of social engineering and explanations of state-of-the-art social engineering methods. The theoretical part of this thesis also in-cludes ethical and psychological aspects and an evaluation of existing guide-lines with a review of why they are not successful.Furthermore, we continue with the practical part. An interview with a profes-sional security consultant focusing on social engineering from our collabora-tion company TÜV TRUST IT GmbH (TÜV AUSTRIA Group)1 is con-ducted. A significant part here deals with awareness-raising overall, espe-cially at a younger age. Additionally, the countermeasures against each dif-ferent social engineering method are analysed. Another practical part is the evaluation of existing social engineering campaigns2 from TÜV TRUST IT GmbH TÜV AUSTRIA Group to see how dangerous and effective social en-gineering has been in the past. From experience gained in this thesis, guide-lines on dealing with social engineering are discussed before the thesis is fi-nalized with results, the conclusion and possible future work.
|
3 |
Resolving the Password Security Purgatory in the Contexts of Technology, Security and Human FactorsAdeka, Muhammad I., Shepherd, Simon J., Abd-Alhameed, Raed 22 January 2013 (has links)
Yes / Passwords are the most popular and constitute the
first line of defence in computer-based security systems; despite
the existence of more attack-resistant authentication schemes. In
order to enhance password security, it is imperative to strike a
balance between having enough rules to maintain good security
and not having too many rules that would compel users to take
evasive actions which would, in turn, compromise security. It is
noted that the human factor is the most critical element in the
security system for at least three possible reasons; it is the
weakest link, the only factor that exercises initiatives, as well as
the factor that transcends all the other elements of the entire
system. This illustrates the significance of social engineering in
security designs, and the fact that security is indeed a function of
both technology and human factors; bearing in mind the fact
that there can be no technical hacking in vacuum. This paper
examines the current divergence among security engineers as
regards the rules governing best practices in the use of
passwords: should they be written down or memorized; changed
frequently or remain permanent? It also attempts to elucidate
the facts surrounding some of the myths associated with
computer security. This paper posits that destitution of requisite
balance between the factors of technology and factors of
humanity is responsible for the purgatory posture of password
security related problems. It is thus recommended that, in the
handling of password security issues, human factors should be
given priority over technological factors. The paper proposes
the use of the (k, n)-Threshold Scheme, such as the Shamir’s
secret-sharing scheme, to enhance the security of the password
repository. This presupposes an inclination towards writing
down the password: after all, Diamond, Platinum, Gold and
Silver are not memorised; they are stored. / Petroleum Technology Development Fund
|
Page generated in 0.074 seconds