About

The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations. Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

51

Social engineering and the ISO/IEC 17799:2005 security standard: a study on effectiveness

Frangopoulos, Evangelos D. 31 March 2007
As Information Security (IS) standards do not always effectively cater for Social Engineering (SE) attacks, the expected results of an Information Security Management System (ISMS), based on such standards, can be seriously undermined by uncontrolled SE vulnerabilities. ISO/IEC 17799:2005 is the subject of the current analysis as it is the type of standard not restricted to technical controls, while encompassing proposals from other standards and generally-accepted sets of recommendations in the field. Following an analysis of key characteristics of SE and based on the study of Psychological and Social aspects of SE and IS, a detailed examination of ISO/IEC 17799:2005 is presented and an assessment of the efficiency of its controls with respect to SE is provided. Furthermore, enhancements to existing controls and inclusion of new controls aimed at strengthening the defense against Social Engineering are suggested. Measurement and quantification issues of IS with respect to SE are also dealt with. A novel way of assessing the level of Information Assurance in a system is proposed and sets the basis for future work on this subject. / Information Systems / M. Sc. (Information Systems)
52

EXPLORING PHISHING SUSCEPTIBILITY ATTRIBUTABLE TO AUTHORITY, URGENCY, RISK PERCEPTION AND HUMAN FACTORS

Priyanka Tiwari (9187496) 30 July 2020
Security breaches nowadays are not limited to technological orientation. Research in the information security domain is gradually shifting towards human behavioral orientation toward breaches that target weaknesses arising from human behaviors (Workman et al., 2007). Currently, social engineering breaches are more effective than many technical attacks. In fact, the majority of cyber assaults have a social engineering component. Social Engineering is the art of manipulating human flaws towards a malicious objective (Breda et al., 2017). In the likely future, social engineering will be the most predominant attack vector within cyber security (Breda et al., 2017). Human failures, persuasion and social influences are key elements to understand when considering security behaviors. With the increasing concerns for social engineering and advancements in human factors-based technology, phishing emails are becoming more prevalent in exploiting human factors and external factors. Such factors have been researched in pairs, not overall. To date, not much research has been done to identify the collaborative links between authority, urgency, risk perception and human factors such as personality traits and knowledge. This study investigates phishing email characters, external influences, human factors influences, and their collaborative effects.
53

IT-säkerhet och människan : De har världens starkaste mur men porten står alltid på glänt / IT security and the human: They have the world's strongest wall but the gate is always ajar

Wendel-Persson, Fredrik, Ronnhed, Anna January 2017
In the ever-changing environment of the digital world one thing remains the same: the humans sitting in front of the screen. Today protecting company secrets and information is becoming more and more vital and companies invest massive amounts of money in technological defenses such as firewalls and antivirus programs, but the threats that users and employees pose for companies go unnoticed by many. However, there are people who notice this weakness in companies’ security and try to take advantage of it for their own gain. By manipulating the human instead of the technology, a con artist can bypass companies’ security by means called social engineering. The threat that social engineering poses is no news to many within the field of information security, but it is still happening. The focus of this study is to examine why this is still an issue for a lot of companies and why it is so hard to counter social engineering. By going over previous research we identified that the security culture in a company and the awareness of its employees influence the attitudes which a person needs to have to be able to fend off social engineering attacks. This study argues that attitudes determine whether a person processes an incoming message through a central or peripheral route. Since a company’s security culture seemed to influence how people could counter social engineering, we went to a manufacturing company and examined the security culture to try to get a better understanding of the complexity of the problem. The study concludes that being completely resilient to social engineering attacks is practically impossible. If a user has access to certain information, a skilled con artist will have a chance to get their hands on that information through the user. However, the study emphasizes that a company can work on improving resistance to incoming social engineering attacks by focusing on its security culture and its employees’ attitudes and awareness concerning the problem.
54

Moderna sociala manipuleringsangrepp : En kvalitativ intervjustudie med penetrationstestare / Modern social engineering attacks : A qualitative interview study of penetration testers

Ödman, Alina January 2019
Today's society is characterized by growing digitalization. Information flows in every direction; it is constantly processed, stored and communicated. Nowadays systems can be built fairly securely, but as soon as a human is placed behind the keyboard, a serious vulnerability is introduced and we risk our information ending up in the wrong hands. SE (social engineering) is the art of using social interaction as a means, whether it requires a technical system or persuasion, to gain access to sensitive information. This is a qualitative interview study that attempts to portray how penetration testers view and work with/against SE. The study interprets penetration testers' perspectives on today's social engineering attacks, how they work with them, and what we as individuals can do to protect ourselves. The conclusions from the study's sub-questions help answer the study's research question, “How do penetration testers view today's SE?” The study shows that the majority of the respondents agree on what SE looks like today. The conclusion shows that the “phishing” attack is one of the most common forms of attack today, both in terms of trends and in work-related contexts. Furthermore, “why social engineers often succeed with their attacks” was also described, which resulted in the finding that the psychological aspect is one of the most important areas for improvement within SE. Finally, the respondents described important protective measures that can be applied by both organizations and private individuals. / Our modern world is filled with information everywhere. Information is constantly processed, stored and communicated. However, we all know that information usually has some value; therefore, we build secure and complex systems, which are packed with data. Valuable data. Then we put humans behind those systems and introduce a huge vulnerability and by that, we are risking our data falling into the wrong hands.
Social engineering – it is used to deceive people and letting them give up sensitive information. This qualitative interview study will attempt to disclose the perception of social engineering from people who perform penetration-testing services. The results of the study are showing that participators are partially decided of their view of social engineering. They almost all agree that “phishing” is a common attack in both internet occurrences and in work-related matters. Furthermore, the conclusion shows that the psychological aspect of social engineering is an important improvement area. Lastly, the participants explain several preventative actions, which can be used by organizations and by individuals to minimize the risk of exposure to social engineering.
55

A malware threat avoidance model for online social network users

Ikhalia, Ehinome January 2017
The main purpose of this thesis is to develop a malware threat avoidance model for users of online social networks (OSNs). To understand the research domain, a comprehensive and systematic literature review was conducted and then the research scope was established. Two design science iterations were carried out to achieve the research aim reported in this thesis. In the first iteration, the research extended the Technology Threat Avoidance Theory (TTAT) to include a unique characteristic of OSNs: Mass Interpersonal Persuasion (MIP). The extended model (TTAT-MIP) focused on investigating the factors that need to be considered in a security awareness system to motivate OSN users to avoid malware threats. Using a quantitative approach, the results of the first iteration suggest that perceived severity, perceived threat, safeguard effectiveness, safeguard cost, self-efficacy and mass interpersonal persuasion should be included in a security awareness system to motivate OSN users to avoid malware threats. The second iteration was conducted to further validate TTAT-MIP through a Facebook video animation security awareness system (referred to in this thesis as Social Network Criminal (SNC)). SNC is a Web-based application integrated within Facebook to provide security awareness to OSN users. To evaluate TTAT-MIP through SNC, three research techniques were adopted: lab experiments, a usability study and semi-structured interviews. The results suggest that participants perceived SNC as a useful tool for malware threat avoidance. In addition, SNC had a significant effect on the malware threat avoidance capabilities of the study participants. Moreover, the thematic analysis of the semi-structured interviews demonstrated that the study participants found SNC to be highly informative; persuasive; interpersonally persuasive; easy to use; relatable; fun to use; engaging; and easy to understand. These findings were strongly related to the constructs of TTAT-MIP.
The research contributes to theory by demonstrating a novel approach to designing and deploying security awareness systems in a social context. This was achieved by including users' behavioural characteristics on the online platform where malware threats occur within a security awareness system. Besides, this research shows how practitioners keen on developing systems to improve security behaviours could adopt the TTAT-MIP model for other related contexts.
56

Social-engineering ett hot mot informationssäkerheten? / Social engineering: a threat to information security?

Palmqvist, Stefan January 2008
This report addresses a different kind of threat to information security, one that neither hardware nor software can stop. This threat is called social engineering, and what makes it dangerous is that the employees and managers of an organization can help the social engineer without knowing it themselves. These attacks cannot be prevented from happening, but the negative consequences of such an attack can be prevented. This report covers what to do so that an organization can continue its operations after a social engineering attack. In the worst case, a social engineering attack can mean that a company never recovers. This may be because the organization has lost all its customers, lost market share, or because the responsible and important people in the organization have been convicted of negligence and are in prison. This report is intended to inform you and make you attentive to and aware of these threats, which you may not know exist. You will gain knowledge and learn to recognize the different disguises a social engineer assumes. / This paper discusses a different threat against information security, which can not be prevented by either hardware or software. This threat is called social engineering and the main issue that makes this threat so dangerous is that the victims, like executives and the employees in an organization, are not aware that they actually help the practician of social engineering. These attacks can not be avoided, but there is a way to prevent negative consequences of such an attack. This paper discusses how an organization can manage to continue with the activity, despite an attack of social engineering. In the worst case, the scenarios of an attack of social engineering can mean that an organization never fully recovers. The different scenarios of this can be as follows. The organization could lose all the clients, they could have lost market share or the responsible important people in the organization could be convicted and sent to jail. This paper will make you aware of these threats that you might not even know exist. You will be given the knowledge to be able to recognize the different disguises a practician of social engineering can assume.
57

O uso das tecnologias de informação e comunicação na terceira idade e a vulnerabilidade à engenharia social / The use of information and communication technologies by the elderly and vulnerability to social engineering

Viana, José Augusto Lopes 22 February 2017
This research aimed to study the relationship between vulnerability to social engineering and Information and Communication Technologies (ICTs) use by the elderly. To achieve this goal, a questionnaire was elaborated addressing situations of vulnerability to social engineering in three dimensions: persuasion, data collection and fabrication. The questionnaire was applied online and in paper format, obtaining 306 respondents aged between 16 and 85 years, later grouped in five age groups. The data were submitted to factorial analysis and statistical tests to verify differences in behavior between the age groups. For this purpose, ANOVA and Kruskal-Wallis tests were performed. As a result, it was verified that the elderly would be more vulnerable to social engineering in dealing with credentials, in the Data Collection Identity dimension, and less vulnerable when compared to respondents in other age groups in the Fabrication Impersonation/Opportunity dimension. It was concluded that ICT use by the elderly needs to be analyzed on other aspects besides the maintenance of cognitive abilities and the enrichment of the quality of life. As theoretical implications, this research contributes to warning people and organizations of hazards not always evident in the use of computer resources. As practical implications, this study shows a vulnerable behavior of the elderly that should be considered by organizations in the use of credentials, and also shows a behavior that should be better explored by organizations regarding the lower vulnerability of the elderly to social engineering techniques of impersonation and opportunity. / The objective of this research was to study the relationships between vulnerability to social engineering and the use of Information and Communication Technologies (ICTs) by the elderly. To achieve this objective, a questionnaire was developed covering situations of vulnerability to social engineering in three dimensions: persuasion, data collection and fabrication. The questionnaire was administered online and on paper, yielding 306 respondents aged between 16 and 85, subsequently grouped into five age groups. The data obtained were subjected to factor analysis and statistical tests to check for differences in behavior between the age groups analyzed; for this purpose, ANOVA and Kruskal-Wallis tests were performed. As a result, it was found that the elderly would be more vulnerable to social engineering when handling credentials, in the Data Collection Identity dimension, and less vulnerable, when compared with respondents in the other age groups, in the Fabrication Impersonation/Opportunity dimension. It is concluded that the use of ICTs by the elderly needs to be analyzed in terms of aspects other than the maintenance of cognitive abilities and the enrichment of quality of life. As theoretical implications, this research helps alert people and organizations to dangers that are not always evident in the use of computing resources. As practical implications, this study highlights a vulnerable behavior of the elderly that organizations should take into account in the use of credentials, and also highlights a behavior that organizations should explore further with regard to the lower vulnerability of the elderly to the social engineering techniques of impersonation and opportunity.
59

Exploring Phishing Attacks and Countermeasures

Persson, Anders January 2007
Online banking and e-commerce applications have good protection against attacks directed directly towards their computer systems. Attackers have taken this into account and instead use “social engineering” attacks, such as phishing, to gain access to the information inside [1] [15] [21]. Phishing is a growing problem that many different companies are trying to develop a working protection against. The number of new phishing sites per month increased by 1363 % between January 2005 and October 2006, from 2560 to 37 444 attacks [3] [2]. Today there are several different antiphishing applications as well as implemented methods to prevent attacks, but it is not certain that they give enough protection. In this paper we plan to investigate the concept of phishing to better understand the threat it poses. We will analyse 252 different phishing attacks and examine a number of existing antiphishing applications to see if there are possibilities to improve the different protection methods and thereby the accuracy of such tools.
60

Comparison of Security and Risk awareness between different age groups

Björneskog, Amanda, Goniband Shoshtari, Nima January 2017
The Internet has become a 'necessity' in the everyday life of just below 50% of the world population. With the growth of the Internet and it creating a great platform to help people and making life easier, it has also brought a lot of malicious situations. Nowadays people hack or use social engineering on other people for a living; scamming and fraud are part of their daily life. Therefore security awareness is truly important and sometimes vital. We wanted to look at the difference in security awareness depending on which year you were born, in relation to the IT boom and the growth of the Internet. Does it matter if you lived through the earlier stages of the Internet or not? We found that security awareness did increase with age, but whether it was due to the candidates growing up before or after the IT boom or due to the fact that younger people tend to be more inattentive is hard to tell. Our result is that the age group 16-19 was more prone to security risks, due to an indifferent mindset regarding their data and information.
