dc.contributor.author |
Mouton, F
|
|
dc.contributor.author |
Malany, MM
|
|
dc.contributor.author |
Leenen, l
|
|
dc.contributor.author |
Venter, HS
|
|
dc.date.accessioned |
2015-03-12T10:24:54Z |
|
dc.date.available |
2015-03-12T10:24:54Z |
|
dc.date.issued |
2014-07 |
|
dc.identifier.citation |
Mouton, F, Malany, MM, Leenen, L, and Venter, HS. 2014. Social engineering attack framework. Information Security for South Africa, Johannesburg, South Africa, 12-14 August 2014 |
en_US |
dc.identifier.isbn |
978-1-4799-3383-9 |
|
dc.identifier.uri |
http://hdl.handle.net/10204/7954
|
|
dc.description |
Information Security for South Africa, Johannesburg, South Africa, 12-14 August 2014. Due to copyright restrictions, the attached PDF file only contains the abstract of the full text item. For access to the full text item, please consult the publisher's website. |
en_US |
dc.description.abstract |
The field of information security is a fast growing; discipline. Even though the effectiveness of security measures; to protect sensitive information is increasing, people remain; susceptible to manipulation and the human element is thus a; weak link. A social engineering attack targets this weakness by; using various manipulation techniques in order to elicit sensitive; information. The field of social engineering is still in its infancy; stages with regards to formal definitions and attack frameworks.; This paper proposes a social engineering attack framework; based on Kevin Mitnick¿s social engineering attack cycle. The; attack framework addresses shortcomings of Mitnick¿s social; engineering attack cycle and focuses on every step of the social; engineering attack from determining the goal of an attack up; to the successful conclusion of the attack. The authors use a; previously proposed social engineering attack ontological model; which provides a formal definition for a social engineering attack.; The ontological model contains all the components of a social; engineering attack and the social engineering attack framework; presented in this paper is able to represent temporal data; such as flow and time. Furthermore, this paper demonstrates; how historical social engineering attacks can be mapped to; the social engineering attack framework. By combining the; ontological model and the attack framework, one is able to; generate social engineering attack scenarios and to map historical; social engineering attacks to a standardised format. Scenario; generation and analysis of previous attacks are useful for the development; of awareness, training purposes and the development; of countermeasures against social engineering attacks. |
en_US |
dc.language.iso |
en |
en_US |
dc.publisher |
Information Security for South Africa (ISSA), 2014 |
en_US |
dc.relation.ispartofseries |
Workflow;14013 |
|
dc.subject |
Bidirectional Communication |
en_US |
dc.subject |
Indirect Communication |
en_US |
dc.subject |
Mitnick’sAttack Cycle |
en_US |
dc.subject |
Ontological Model |
en_US |
dc.subject |
Social Engineering Attack |
en_US |
dc.subject |
Social Engineering |
en_US |
dc.subject |
Framework |
en_US |
dc.subject |
Unidirectional Communication |
en_US |
dc.title |
Social engineering attack framework |
en_US |
dc.type |
Conference Presentation |
en_US |
dc.identifier.apacitation |
Mouton, F., Malany, M., Leenen, l., & Venter, H. (2014). Social engineering attack framework. Information Security for South Africa (ISSA), 2014. http://hdl.handle.net/10204/7954 |
en_ZA |
dc.identifier.chicagocitation |
Mouton, F, MM Malany, l Leenen, and HS Venter. "Social engineering attack framework." (2014): http://hdl.handle.net/10204/7954 |
en_ZA |
dc.identifier.vancouvercitation |
Mouton F, Malany M, Leenen l, Venter H, Social engineering attack framework; Information Security for South Africa (ISSA), 2014; 2014. http://hdl.handle.net/10204/7954 . |
en_ZA |
dc.identifier.ris |
TY - Conference Presentation
AU - Mouton, F
AU - Malany, MM
AU - Leenen, l
AU - Venter, HS
AB - The field of information security is a fast growing; discipline. Even though the effectiveness of security measures; to protect sensitive information is increasing, people remain; susceptible to manipulation and the human element is thus a; weak link. A social engineering attack targets this weakness by; using various manipulation techniques in order to elicit sensitive; information. The field of social engineering is still in its infancy; stages with regards to formal definitions and attack frameworks.; This paper proposes a social engineering attack framework; based on Kevin Mitnick¿s social engineering attack cycle. The; attack framework addresses shortcomings of Mitnick¿s social; engineering attack cycle and focuses on every step of the social; engineering attack from determining the goal of an attack up; to the successful conclusion of the attack. The authors use a; previously proposed social engineering attack ontological model; which provides a formal definition for a social engineering attack.; The ontological model contains all the components of a social; engineering attack and the social engineering attack framework; presented in this paper is able to represent temporal data; such as flow and time. Furthermore, this paper demonstrates; how historical social engineering attacks can be mapped to; the social engineering attack framework. By combining the; ontological model and the attack framework, one is able to; generate social engineering attack scenarios and to map historical; social engineering attacks to a standardised format. Scenario; generation and analysis of previous attacks are useful for the development; of awareness, training purposes and the development; of countermeasures against social engineering attacks.
DA - 2014-07
DB - ResearchSpace
DP - CSIR
KW - Bidirectional Communication
KW - Indirect Communication
KW - Mitnick’sAttack Cycle
KW - Ontological Model
KW - Social Engineering Attack
KW - Social Engineering
KW - Framework
KW - Unidirectional Communication
LK - https://researchspace.csir.co.za
PY - 2014
SM - 978-1-4799-3383-9
T1 - Social engineering attack framework
TI - Social engineering attack framework
UR - http://hdl.handle.net/10204/7954
ER -
|
en_ZA |