Global ETD Search

51	Understanding Susceptibility to Social Engineering Attacks Through Online Privacy Behaviors Glaris Lancia Raja Arul (11794286) 19 December 2021 (has links) <p>Human-based social engineering attacks continue to grow in popularity, with increasing numbers of cases reported yearly. This can be accredited to the ease with which common social engineering attacks can be launched, and the abundance of information available online that attackers can use against their targets. Current mitigative strategies and awareness trainings against social engineering attacks incorporate an understanding of the major factors that influence individual susceptibility to social engineering attacks. These strategies emphasize an engagement in secure behaviors and practices, especially with respect to identifying the key indicators in any form of communication or situation that can classify it as a social engineering attack. There is also an emphasis on restricting the amount of information that individuals should share about themselves in workplace settings. However, these approaches do not comprehensively consider the different intrinsic motivations that individuals develop to engage in the protective behaviors necessary to assure their safety against social engineering attacks, regardless of environment. Individual attitudes and behaviors about online privacy could hold the key to defending oneself by way of restricting unwarranted access to associated information online. Psychological traits and attitudes developed in response to the perception of social engineering as a threat could act as motivators for engaging in privacy protective behaviors, which in turn could affect the extent to which an individual can protect themselves from social engineering attacks. This thesis investigates the role of privacy protective behaviors in impacting an individual’s susceptibility to social engineering attacks and the impacts of specific privacy factors as motivating antecedents to engagement in privacy protective behaviors.</p> Online Privacy Social Engineering Privacy Behaviors
52	Zvýšení bezpečnostního povědomí ve společnosti / Increasing security awareness in the company Novák, Petr January 2021 (has links) The master’s thesis is focused on increasing security awareness in the company. The first chapter contains the theoretical background, which is necessary for creating a security education system. The second chapter deals with the analysis of the current situation, which is needed for determinating the need to increase security awareness. The third and last chapter contains the design of the education system itself.
53	Informationssäkerhet : Informell säkerhet inom informationssäkerhetsrevisioner / Information security : Informal security within information security revisions Andersson, Adam, Gårdenheim, Simon, Josefsson, Anton January 2020 (has links) Informell säkerhet är en kategori inom informationssäkerhet som innefattar människors attityder, uppfattningar och värderingar. Trots att informationssäkerhetsrevisioner utförs regelbundet mot organisationer är det oklart hur mycket informell säkerhet appliceras i dessa revisioner. Syftet med denna studie är att undersöka informell säkerhet och hur denna appliceras i informationssäkerhetsrevisioner. Undersökningen görs genom en tematisk analys av semi-strukturerade intervjuer.Resultatet av studien påvisar att det finns en bristande medvetenhet gällande informell säkerhet hos organisationer. Prioriteringarna hos organisationerna är istället den tekniska säkerheten. Studien uppmärksammar vikten av informell säkerhet och att denna inte glöms bort jämfört med de tekniska säkerhetsaspekterna.Slutsatsen i studien är att det krävs mer forskning inom området som både fokuserar på informell säkerhet i sin helhet men även hur informell säkerhet förhåller sig till organisationskultur. Det finns ett antal förbättringsområden inom området, mestadels kopplade till medvetenhet och utbildningsinsatser. Det fundamentala förbättringsområdet identifierades dock i att organisationer får en grundlig och klar insyn i vikten av väl hanterad informell säkerhet. / Informal security is a subcategory of information security that includes people's attitudes, perceptions and values. Although information security audits are regularly performed towards organizations, it is unclear how much informal security is applied in these audits. The purpose of this study is to examine informal security and how it is applied in information security audits by organizations. This is done through thematic analysis of semi-structured interviews. The results of the study show that there is a lack of awareness regarding informal security in organizations. The priorities of these organizations are instead technical security. What the study highlights is the importance of informal security and that it should be given the same amount of attention as the technical safety aspects. The study concludes that more research is needed about the subject informal security but also how informal security relates to organizational culture. There are several areas of improvement within the study, mostly linked to awareness and educational efforts. However, the fundamental area of improvement was identified as organizations realizing the importance of informal security. Informatik Informationssäkerhetsrevisioner Informell Säkerhet ISO27000 Organisationskultur Social Engineering Säkerhetsrevisioner Information Systems
54	Exploring SME Vulnerabilities to Cyber-criminal Activities Through Employee Behavior and Internet Access Twisdale, Jerry Allen 01 January 2018 (has links) Cybercriminal activity may be a relatively new concern to small and medium enterprises (SMEs), but it has the potential to create financial and liability issues for SME organizations. The problem is that SMEs are a future growth target for cybercrime activity as larger corporations begin to address security issues to reduce cybercriminal risks and vulnerabilities. The purpose of this study was to explore a small business owner's knowledge about to the principal elements of decision making for SME investment into cybersecurity education for employees with respect to internet access and employee vulnerabilities. The theoretical framework consisted of the psychological studies by Bandura and Jaishankar that might affect individual decision making in terms of employee risks created through internet use. This qualitative case study involved a participant interview and workplace observations to solicit a small rural business owner's knowledge of cybercriminal exploitation of employees through internet activities such as social media and the potential exploitation of workers by social engineers. Word frequency analysis of the collected data concluded that SME owners are ill equipped to combat employee exploitation of their business through social engineering. Qualitative research is consistent with understanding the decision factors for cost, technical support, and security threat prevention SME organizational leadership use and is the focus of this study as emergent themes. The expectation is that this study will aid in the prevention of social engineering tactics against SME employees and provide a platform for future research for SMEs and cybercriminal activity prevention. cybercrime cyber security information security information security management Small and medium enterprises social engineering Databases and Information Systems
55	The Community Defense Approach: A Human Approach to Cybersecurity for Industrial and Manufacturing Systems Stewart, Alexander 21 October 2019 (has links) No description available. Computer Engineering cybersecurity human factors manufacturing cyber-physical systems social engineering
56	The Human Element of Cybersecurity : A Literature Review of Social Engineering Attacks and Countermeasures Broberg, Robert, Sinnott, Philip January 2023 (has links) Social engineering attacks pose an escalating threat to organizations. This thesis conducted a semi-comprehensive literature review using the PRISMA method to address common attack methods, reducing susceptibility among employees, and the need for awareness training. Findings highlight severe consequences, exemplified by Yahoo and Sony data breaches. Phishing and spear-phishing are prevalent attack methods, exploiting the human element and bypassing high-techsecurity systems. To mitigate risks, organizations should adopt a multi-layered approach, combining technological solutions with employee awareness training. By enhancing employees' ability to identify and respond to social engineering attempts, susceptibility to attacks can be significantly reduced. Ongoing research and updated defense strategies are crucial to countering evolving attack vectors. The study emphasizes the collective responsibility in cybersecurity, combining technical and non-technical measures effectively. This thesis contributes to knowledge by providing insights into attack methods, countermeasures, and the importance of employee awareness training. The rigorous PRISMA method ensures a transparent approach, offering valuable guidance for organizations aiming to enhance their security posture against social engineering attacks. Social engineering attack employee awareness framework policy Computer and Information Sciences Data- och informationsvetenskap
57	Phishing : A qualitative study of users' e-mail classification process, and how it is influenced by the subjective knowledge Puke Andersson, Hanna, Stenberg, Sofie January 2022 (has links) Background. E-mail phishing is a type of social engineering where the threat actor sends e-mails with the intention to, for example, gain sensitive information or gain access to sensitive assets. Anyone can be a target of a phishing attempt, and any user that uses a digital environment should be aware of which factors to be attentive to in an e-mail. Objectives. This thesis intends to study the practical ability to identify phishing e-mails among users and what factors they are looking for when performing the classification. The intention is also to investigate if subjective knowledge impacts practical ability. Methods. A user study was conducted where the participants were to classify e-mails from an inbox as either phishing or legitimate. During the observation, the participants thought-out-loud for the authors of this thesis to hear their approach and which factors they noticed. A questionnaire also was conducted to capture the participants' knowledge, previous experience, and confidence in their classifications. Results. The results show that the majority of the participants did not know what factors to look after, nor how to inspect them, to make a justified classification of an e-mail. Most participants made the classifications based on their gut feelings. Those participants who had any theoretical knowledge showed more confidence and identified more phishing attempts. Conclusions. This thesis concluded that the participants lacked the required knowledge to identify phishing attempts. Further, it concludes that subjective knowledge leads to high confidence, which helps users make the correct classification. Therefore, this topic needs to be further enlightened to bring more awareness, and education needs to be conducted. phishing social engineering security awareness user study data security Computer Sciences Datavetenskap (datalogi)
58	Nätfiske – Ett säkerhetshot mot äldre i Sverige Bodair, Karim, Fagerström, Felicia January 2021 (has links) Nätfiske har blivit ett allt vanligare tillvägagångssätt för bedragare som vill komma åt individers känsliga information. Särskilt nätfiske riktat mot äldre individer har ökat på senare tid och klassificeras som ett av de vanligaste brotten. Problemet i denna studie belyses utifrån ett användarperspektiv, där äldres medvetenhet gällande nätfiske kommer att centreras. För att uppfylla detta har följande frågeställning konstruerats, ”Vilken medvetenhet har personer som är 60 år och äldre i Sverige gällande nätfiske?”. För att samla in empiri till denna studie valdes surveyundersökning som forskningsstrategi. Datainsamlingsmetoden består av en enkät som skickades ut till äldre individer via olika internetforum. Den insamlade datan har analyserats med hjälp av chi-2 fördelning och Pearsons korrelationskoefficient. Resultatet påvisade att majoriteten av respondenterna inte ansåg sig vara medvetna om nätfiske. Det påvisades inga skillnader mellan kön men det framkom ett statistiskt samband mellan respondenternas noggrannhet att undersöka webbsidor och deras förmåga att identifiera ett förfalskat e-postmeddelande. / Phishing has become an increasingly common approach for fraudsters who want to access individual's sensitive information. Especially phishing aimed at older people has increased in recent times and is classified as one of the most common crimes. The problem in this study illustrates from a user perspective, where the elderly's awareness of phishing will be centered. To fulfill this study the following framing of question have been constructed, “which awareness do people who are 60 years and older have in Sweden regarding phishing?”. To gather empirical data for this study, survey research was chosen as the research strategy. The data collection method consists of a survey that was sent out to older individuals through various internet forums. The collected data were analyzed using chi-2 distribution and Pearson's correlation coefficient. The results showed that the majority of the respondents did not consider themselves aware of phishing. No gender differences were detected, but a statistical relationship was found between respondents' accuracy in examining web pages and their ability to identify a forged e-mail message. Phishing Phishingattacks Phishing awareness Social engineering Nätfiske Nätfiskeattacker Nätfiske medvetenhet Social manipulation Computer Sciences Datavetenskap (datalogi)
59	The contradictions of empowerment promotion through social engineering. Mozambique’s Peace and the ‘7 million’ Initiative Maschietto, Roberta Holanda January 2015 (has links) The concept of ‘empowerment’ has been widely used among development practitioners since the early 1990s. This thesis aims to contribute to the literature on empowerment by developing an analytical framework that incorporates: (a) the dialectical nature of power, (b) multiple levels of analysis, and (c) the subjectivities of power that different actors have and that affect the way they respond to policies. The model is applied to the analysis of Mozambique’s transition to peace and the study of a national initiative called District Development Fund, known as the ‘7 Million’, which aims to promote empowerment by reducing poverty and promoting local participation in the rural districts. The analysis focuses, on the one hand, on the ‘7 million’ policy formulation, stressing the power struggles that shaped its final outcome and, on the other hand, the policy implementation in the district of Angoche, where I conducted extensive fieldwork. I argue that, even though the ‘7 million’ had some positive aspects – including providing a discourse that underlines the relevance of the districts and the local community in matters of governance – its effects in promoting local empowerment have been far below its potential. One of the reasons for this is to be found in the dynamics of power-to and power-over that take place at the local level and that partly reflect structural aspects linked to the Mozambique state formation and peacebuilding process. More generally, the case illustrates the limitations and contradictions of policies that aim promoting ‘bottom-up’ empowerment from the ‘top-down’.
60	An Integrated Intelligent Approach to Enhance the Security Control of IT Systems. A Proactive Approach to Security Control Using Artificial Fuzzy Logic to Strengthen the Authentication Process and Reduce the Risk of Phishing Salem, Omran S.A. January 2012 (has links) Hacking information systems is continuously on the increase. Social engineering attacks is performed by manipulating the weakest link in the security chain; people. Consequently, this type of attack has gained a higher rate of success than a technical attack. Based in Expert Systems, this study proposes a proactive and integrated Intelligent Social Engineering Security Model to mitigate the human risk and reduce the impact of social engineering attacks. Many computer users do not have enough security knowledge to be able to select a strong password for their authentication. The author has attempted to implement a novel quantitative approach to achieve strong passwords. A new fuzzy logic tool is being developed to evaluate password strength and measures the password strength based on dictionary attack, time crack and shoulder surfing attack (social engineering). A comparative study of existing tools used by major companies such as Microsoft, Google, CertainKey, Yahoo and Facebook are used to validate the proposed model and tool. A comprehensive literature survey and analytical study performed on phishing emails representing social engineering attacks that are directly related to financial fraud are presented and compared with other security threats. This research proposes a novel approach that successfully addresses social engineering attacks. Another intelligent tool is developed to discover phishing messages and provide educational feedback to the user focusing on the visible part of the incoming emails, considering the email’s source code and providing an in-line awareness security feedback.

Search results