Social engineering attacks present a material threat to the security of information systems. To date, security professionals only manage the potential effects of a social engineering attack. Security professionals consider such attacks as external threats to the overall information system, and so far preventative measures are mostly focused on asking people to be aware and guard against becoming victims through tailored cyber-awareness campaigns. The social engineering attack framework (SEAF) presents a way to think about social engineering proactively. Furthermore, systems engineering is about coping with complexity. Systems engineering helps to avoid omissions and invalid assumptions. It also helps to manage changing real-world issues and produce the most efficient, economic and robust solution. Within the systems engineering discipline, extensive techniques have been developed to support its underlying principles and processes. By aligning the SEAF to the systems engineering life cycle, access to those techniques is granted, allowing a security professional to cope with the complexities of social engineering attacks in a defined and quantitative manner. This gives the opportunity to explore applying the various techniques to assist in handling social engineering attacks as part of system security, including people, processes and technology, and it also links the efforts to a budget. The latter is especially relevant when justifying the means to cope with social engineering attacks, for example to establish and drive an awareness campaign. Before all this can happen, we first need to establish the link between the SEAF and systems engineering, which is what this paper is aimed at. The benefit of this link is that it will allow for a direct translation of our remised scenario to the tools used in the systems engineering space.
These include a context diagram, functional modelling, holistic requirements modelling, matrix diagrams, stakeholder maps and a viewpoint analysis.
Reference:
Van de Merwe, J. and Mouton, F. 2017. Mapping the anatomy of social engineering attacks to the systems engineering life cycle. Proceedings of the Eleventh International Symposium on Human Aspects of Information Security & Assurance (HAISA 2017), pp. 24-40
Van de Merwe, J., & Mouton, F. (2017). Mapping the anatomy of social engineering attacks to the systems engineering life cycle. CSCAN. http://hdl.handle.net/10204/9929