The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations. Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

61

Improving Email Security in Organizations : Solutions and Guidelines

Andrén, Axel, Kashlan, Ghaith, Nantarat, Atichoke January 2023
Data breaches from email attacks have been an issue since email was first implemented. Common attack methods like phishing are still a threat to organizations to this very day. That is because it never seems to stop evolving and keeps becoming more and more convincing. Email compromises have caused billions of dollars in damage worldwide, and it shows no sign of stopping. The purpose and research questions of this thesis are formulated to find guidelines or solutions that organizations can follow to improve their overall email security and awareness. In this thesis, both a systematic literature review and interviews are methods used to conduct the research. That way, both the technical portion of the subject, as well as the human perspective are covered. We found that the most common and significant email threats to organizations are phishing, BEC, and APT attacks. This thesis provides methods to mitigate these threats. What has also become clear is that human mistakes are a large portion of the problem concerning email attacks.
62

Ranking Social Engineering Attack Vectors in The Healthcare and Public Health Sector

Gaurav Sachdev (14563787) 06 February 2023
The National Institute of Standards and Technology defines social engineering as an attack vector that deceives an individual into divulging confidential information or performing unwanted actions. Different methods of social engineering include phishing, pretexting, tailgating, baiting, vishing, SMSishing, and quid pro quo. These attacks can have devastating effects, especially in the healthcare sector, where there are budgetary and time constraints. To address these issues, this study aimed to use cybersecurity experts to identify the most important social engineering attacks to the healthcare sector and rank the underlying factors in terms of cost, success rate, and data breach. By creating a ranking that can be updated constantly, organizations can provide more effective training to users and reduce the overall risk of a successful attack. This study identified phishing attacks via email, voice and SMS to be the most important to defend against primarily due to the number of attacks. Baiting and quid pro quo consistently ranked as lower in priority and ranking.
63

TASK, KNOWLEDGE, SKILL, AND ABILITY: EQUIPPING THE SMALL-MEDIUM BUSINESSES CYBERSECURITY WORKFORCE

Vijaya Raghavan, Aadithyan 11 July 2023
No description available.
64

The rise of crypto-ransomware in a changing cybercrime landscape: Taxonomising countermeasures

Connolly, Lena Y., Wall, D.S. 16 June 2020
Year in and year out the increasing adaptivity of offenders has maintained ransomware's position as a major cybersecurity threat. The cybersecurity industry has responded with a similar degree of adaptiveness, but has focussed more upon technical (science) than ‘non-technical’ (social science) factors. This article explores empirically how organisations and investigators have reacted to the shift in the ransomware landscape from scareware and locker attacks to the almost exclusive use of crypto-ransomware. We outline how, for various reasons, victims and investigators struggle to respond effectively to this form of threat. By drawing upon in-depth interviews with victims and law enforcement officers involved in twenty-six crypto-ransomware attacks between 2014 and 2018 and using an inductive content analysis method, we develop a data-driven taxonomy of crypto-ransomware countermeasures. The findings of the research indicate that responses to crypto-ransomware are made more complex by the nuanced relationship between the technical (malware which encrypts) and the human (social engineering which still instigates most infections) aspects of an attack. As a consequence, there is no simple technological ‘silver bullet’ that will wipe out the crypto-ransomware threat. Rather, a multi-layered approach is needed which consists of socio-technical measures, zealous front-line managers and active support from senior management. / This work was supported by the Engineering and Physical Sciences Research Council and is part of the EMPHASIS (EconoMical, PsycHologicAl and Societal Impact of RanSomware) project [EP/P011721/1].
65

Social engineering and the ISO/IEC 17799:2005 security standard: a study on effectiveness

Frangopoulos, Evangelos D. 31 March 2007
As Information Security (IS) standards do not always effectively cater for Social Engineering (SE) attacks, the expected results of an Information Security Management System (ISMS), based on such standards, can be seriously undermined by uncontrolled SE vulnerabilities. ISO/IEC 17799:2005 is the subject of the current analysis as it is the type of standard not restricted to technical controls, while encompassing proposals from other standards and generally-accepted sets of recommendations in the field. Following an analysis of key characteristics of SE and based on the study of Psychological and Social aspects of SE and IS, a detailed examination of ISO/IEC 17799:2005 is presented and an assessment of the efficiency of its controls with respect to SE is provided. Furthermore, enhancements to existing controls and inclusion of new controls aimed at strengthening the defense against Social Engineering are suggested. Measurement and quantification issues of IS with respect to SE are also dealt with. A novel way of assessing the level of Information Assurance in a system is proposed and sets the basis for future work on this subject. / Information Systems / M. Sc. (Information Systems)
67

EXPLORING PHISHING SUSCEPTIBILITY ATTRIBUTABLE TO AUTHORITY, URGENCY, RISK PERCEPTION AND HUMAN FACTORS

Priyanka Tiwari (9187496) 30 July 2020
Security breaches nowadays are not limited to technological orientation. Research in the information security domain is gradually shifting towards human behavioral orientation toward breaches that target weaknesses arising from human behaviors (Workman et al., 2007). Currently, social engineering breaches are more effective than many technical attacks. In fact, the majority of cyber assaults have a social engineering component. Social Engineering is the art of manipulating human flaws towards a malicious objective (Breda et al., 2017). In the likely future, social engineering will be the most predominant attack vector within cyber security (Breda et al., 2017). Human failures, persuasion and social influences are key elements to understand when considering security behaviors. With the increasing concerns for social engineering and advancements in human factors-based technology, phishing emails are becoming more prevalent in exploiting human factors and external factors. Such factors have been researched upon in pairs, not overall. Till date, there is not much research done to identify the collaborative links between authority, urgency, risk perception and human factors such as personality traits, and knowledge. This study investigates about phishing email characters, external influences, human factors influences, and their collaborative effects.
68

IT-säkerhet och människan : De har världens starkaste mur men porten står alltid på glänt

Wendel-Persson, Fredrik, Ronnhed, Anna January 2017
In the ever-changing environment of the digital world one thing remains the same, the humans sitting in front of the screen. Today protecting company secrets and information is becoming more and more vital and companies invest massive amounts of money on technological defenses such as firewalls and antivirus programs, but the threats that the user and employees pose for companies go unnoticed by many. However, there are people that notice this weakness in companies’ security and try to take advantage of it for their own gain. By manipulating the human instead of the technology, a con-artist can bypass companies’ security by means called social engineering. The threat that social engineering poses is no news to many within the field of information security but it’s still happening. The focus of this study is to examine why this is still an issue for a lot of companies and why it's so hard to counter social engineering. By going over previous research we identified that security culture in a company and the awareness of its employees influence the attitudes which a person needs to have to be able to fend off social engineering attacks. This study argues that attitudes determine if a person processes an incoming message through a central or peripheral route. Since a company’s security culture seemed to influence how people could counter social engineering we went to a manufacturing company and examined the security culture to try and get a better understanding on the complexity of the problem. The study concludes that being completely resilient to social engineering attacks is practically impossible. If a user will have access to certain information, a skilled con-artist will have a chance to get their hands on that information through the user. However, the study emphasizes that a company can work with improving resistance towards incoming social engineering attacks by focusing on their security culture and their employees’ attitudes and awareness concerning the problem.
69

A malware threat avoidance model for online social network users

Ikhalia, Ehinome January 2017
The main purpose of this thesis is to develop a malware threat avoidance model for users of online social networks (OSNs). To understand the research domain, a comprehensive and systematic literature review was conducted and then the research scope was established. Two design science iterations were carried out to achieve the research aim reported in this thesis. In the first iteration, the research extended the Technology Threat Avoidance Theory (TTAT) to include a unique characteristic of OSN - Mass Interpersonal Persuasion (MIP). The extended model (TTAT-MIP), focused on investigating the factors that need to be considered in a security awareness system to motivate OSN users to avoid malware threats. Using a quantitative approach, the results of the first iteration suggest perceived severity, perceived threat, safeguard effectiveness, safeguard cost, self-efficacy and mass interpersonal persuasion should be included in a security awareness system to motivate OSN users to avoid malware threats. The second iteration was conducted to further validate TTAT-MIP through a Facebook video animation security awareness system (referred to in this thesis as Social Network Criminal (SNC)). SNC is a Web-based application integrated within Facebook to provide security awareness to OSN users. To evaluate TTAT-MIP through SNC, three research techniques were adopted: lab experiments, usability study and semi-structured interviews. The results suggest that participants perceived SNC as a useful tool for malware threat avoidance. In addition, SNC had a significant effect on the malware threat avoidance capabilities of the study participants. Moreover, the thematic analysis of the semi-structured interviews demonstrated that the study participants found SNC to be highly informative; persuasive; interpersonally persuasive; easy to use; relatable; fun to use; engaging; and easy to understand. These findings were strongly related to the constructs of TTAT-MIP. The research contributes to theory by demonstrating a novel approach to design and deploy security awareness systems in a social context. This was achieved by including users' behavioural characteristic on the online platform where malware threats occur within a security awareness system. Besides, this research shows how practitioners keen on developing systems to improve security behaviours could adopt the TTAT-MIP model for other related contexts.
70

O uso das tecnologias de informação e comunicação na terceira idade e a vulnerabilidade à engenharia social

Viana, José Augusto Lopes 22 February 2017
This research aimed to study the relationship between vulnerability to social engineering and Information and Communication Technologies (ICTs) use by the elderly. To achieve this goal, it was elaborated a questionnaire addressing situations of vulnerability to social engineering in three dimensions: persuasion, data collection and fabrication. The questionnaire was applied online and in the paper format, obtaining 306 respondents aged between 16 and 85 years, later grouped in five age groups. The data were submitted to factorial analysis and statistical tests to verify differences in behavior between the age groups. For this purpose, ANOVA and Kruskal-Wallis tests were performed. As a result, it was verified that the elderly would be more vulnerable to social engineering in dealing with credentials, in the Data Collection Identity dimension, and less vulnerable when compared to respondents in other age groups in the Fabrication Impersonation/Opportunity dimension. It was concluded that the ICT use by the elderly needs to be analyzed on other aspects besides the maintenance of cognitive abilities and the enrichment of the quality of life. As theoretical implications, this research contributes to warn people and organizations to hazards not always evident in the computer resources use. As practical implications, this study shows a vulnerable behavior of the elderly that should be considered by the organizations in the use of credentials, as well as shows a behavior that should be better explored by the organizations regarding the lower vulnerability of the elderly to social engineering techniques of impersonation and opportunity.