The human is often the weak link in the attainment of Information Security due to their susceptibility to deception and manipulation. Social Engineering refers to the exploitation of humans in order to gain unauthorised access to sensitive information. Although Social Engineering is an important branch of Information Security, the discipline is not well defined; a number of different definitions appear in the literature. Several concepts in the domain of Social Engineering are defined in this paper. This paper also presents an ontological model for Social Engineering attack based on the analysis of existing definitions and taxonomies. An ontology enables the explicit, formal representation of the entities and their inter-relationships within a domain. The aim is both to contribute towards commonly accepted domain definitions, and to develop a representative model for a Social Engineering attack. In summary, this paper provides concrete definitions for Social Engineering, Social Engineering attack and social engineer.
Reference:
Leenen, L and Mouton F. Towards an ontological model defining the social engineering domain. Springer Berlin Heidelberg 2014, Turku, Finland, 30 July - 1 August 2014
Mouton, F., Leenen, L., Malan, M., & Venter, H. (2014). Towards an ontological model defining the social engineering domain. Springer Berlin Heidelberg. http://hdl.handle.net/10204/7953
Mouton, F, L Leenen, MM Malan, and HS Venter. "Towards an ontological model defining the social engineering domain." (2014): http://hdl.handle.net/10204/7953
Mouton F, Leenen L, Malan M, Venter H, Towards an ontological model defining the social engineering domain; Springer Berlin Heidelberg; 2014. http://hdl.handle.net/10204/7953 .
11th IFIP TC9 Human Choice and Computers Conference, Turku, Finland, 30 July - 1 August 2014. Due to copyright restrictions, the attached PDF file only contains the abstract of the full text item. For access to the full text item, please consult the publisher's website
Author:Mouton, Francois; Leenen, Louise; Venter, HSDate:Jun 2016The field of information security is a fast-growing discipline. Even though the effectiveness of security measures to protect sensitive information is increasing, people remain susceptible to manipulation and thus the human element remains a ...Read more
Author:Mouton, Francois; Nottingham, Alastair T; Leenen, Louise; Venter, HSDate:Aug 2017Information security is a fast-growing discipline, and relies on continued improvement of security measures to protect sensitive information. In general, human operators are often highly susceptible to manipulation, and tend to be one of the ...Read more
Author:Van de Merwe, J; Mouton, FrancoisDate:Nov 2017Social engineering attacks present a material threat to the security of information systems. To date security professionals only manage the potential effects of a social engineering attack. Security professionals consider such attacks as ...Read more
