ResearchSpace

Mapping the anatomy of social engineering attacks to the systems engineering life cycle


dc.contributor.author Van de Merwe, J
dc.contributor.author Mouton, Francois
dc.date.accessioned 2018-01-04T10:46:19Z
dc.date.available 2018-01-04T10:46:19Z
dc.date.issued 2017-11
dc.identifier.citation Van de Merwe, J. and Mouton, F. 2017. Mapping the anatomy of social engineering attacks to the systems engineering life cycle. Proceedings of the Eleventh International Symposium on Human Aspects of Information Security & Assurance (HAISA 2017), pp. 24-40 en_US
dc.identifier.isbn 978-1-84102-428-8
dc.identifier.uri https://cscan.org/openaccess/?id=371
dc.identifier.uri http://hdl.handle.net/10204/9929
dc.description Paper presented at the Eleventh International Symposium on Human Aspects of Information Security & Assurance en_US
dc.description.abstract Social engineering attacks present a material threat to the security of information systems. To date security professionals only manage the potential effects of a social engineering attack. Security professionals consider such attacks as external threats to the overall information system and so far preventative measures are mostly focused around asking people to be aware and guard against becoming victims through tailored cyber-awareness campaigns. The social engineering attack framework (SEAF) presents a way to think about social engineering proactively. Furthermore, systems engineering is about coping with complexity. Systems engineering helps to avoid omissions and invalid assumptions. It also helps to manage real world changing issues, and produce the most efficient, economic and robust solution. Within the systems engineering discipline extensive techniques have been developed to support its underlying principles and processes. By aligning the SEAF to the systems engineering life cycle, access to those techniques is granted, allowing for a security professional to cope with the complexities of social engineering attacks in a defined and quantitative manner. This gives the opportunity to explore applying the various techniques to assist in handling social engineering attacks as part of system security, including people, processes and technology, not to mention it links the efforts to a budget. The latter is especially relevant when justifying the means to cope with social engineering attacks, for example to establish and drive an awareness campaign. Before all this can happen, we first need to establish the link between the SEAF and systems engineering, which is what this paper is aimed at. The benefit of this link is that it will allow for a direct translation of our remised scenario to the tools used in the systems engineering space.
These include a context diagram, functional modelling, holistic requirements modelling, matrix diagrams, stakeholder maps and a viewpoint analysis. en_US
dc.language.iso en en_US
dc.publisher CSCAN en_US
dc.relation.ispartofseries Worklist;19980
dc.subject Bidirectional communication en_US
dc.subject Indirect communication en_US
dc.subject Mitnick's attack cycle en_US
dc.subject Social engineering attack detection en_US
dc.subject Social engineering attack framework en_US
dc.subject Social engineering ontology en_US
dc.subject Systems engineering life cycle en_US
dc.subject Unidirectional communication en_US
dc.subject Information security en_US
dc.title Mapping the anatomy of social engineering attacks to the systems engineering life cycle en_US
dc.type Conference Presentation en_US
dc.identifier.apacitation Van de Merwe, J., & Mouton, F. (2017). Mapping the anatomy of social engineering attacks to the systems engineering life cycle. CSCAN. http://hdl.handle.net/10204/9929 en_ZA
dc.identifier.chicagocitation Van de Merwe, J, and Francois Mouton. "Mapping the anatomy of social engineering attacks to the systems engineering life cycle." (2017): http://hdl.handle.net/10204/9929 en_ZA
dc.identifier.vancouvercitation Van de Merwe J, Mouton F, Mapping the anatomy of social engineering attacks to the systems engineering life cycle; CSCAN; 2017. http://hdl.handle.net/10204/9929 . en_ZA

