Mouton, FMalany, MMLeenen, lVenter, HS2015-03-122015-03-122014-07Mouton, F, Malany, MM, Leenen, L, and Venter, HS. 2014. Social engineering attack framework. Information Security for South Africa, Johannesburg, South Africa, 12-14 August 2014978-1-4799-3383-9http://hdl.handle.net/10204/7954Information Security for South Africa, Johannesburg, South Africa, 12-14 August 2014. Due to copyright restrictions, the attached PDF file only contains the abstract of the full text item. For access to the full text item, please consult the publisher's website.The field of information security is a fast growing; discipline. Even though the effectiveness of security measures; to protect sensitive information is increasing, people remain; susceptible to manipulation and the human element is thus a; weak link. A social engineering attack targets this weakness by; using various manipulation techniques in order to elicit sensitive; information. The field of social engineering is still in its infancy; stages with regards to formal definitions and attack frameworks.; This paper proposes a social engineering attack framework; based on Kevin Mitnick¿s social engineering attack cycle. The; attack framework addresses shortcomings of Mitnick¿s social; engineering attack cycle and focuses on every step of the social; engineering attack from determining the goal of an attack up; to the successful conclusion of the attack. The authors use a; previously proposed social engineering attack ontological model; which provides a formal definition for a social engineering attack.; The ontological model contains all the components of a social; engineering attack and the social engineering attack framework; presented in this paper is able to represent temporal data; such as flow and time. Furthermore, this paper demonstrates; how historical social engineering attacks can be mapped to; the social engineering attack framework. By combining the; ontological model and the attack framework, one is able to; generate social engineering attack scenarios and to map historical; social engineering attacks to a standardised format. Scenario; generation and analysis of previous attacks are useful for the development; of awareness, training purposes and the development; of countermeasures against social engineering attacks.enBidirectional CommunicationIndirect CommunicationMitnick’sAttack CycleOntological ModelSocial Engineering AttackSocial EngineeringFrameworkUnidirectional CommunicationConference PresentationMouton, F., Malany, M., Leenen, l., & Venter, H. (2014). Social engineering attack framework. Information Security for South Africa (ISSA), 2014. http://hdl.handle.net/10204/7954Mouton, F, MM Malany, l Leenen, and HS Venter. "Social engineering attack framework." (2014): http://hdl.handle.net/10204/7954Mouton F, Malany M, Leenen l, Venter H, Social engineering attack framework; Information Security for South Africa (ISSA), 2014; 2014. http://hdl.handle.net/10204/7954 .TY - Conference Presentation AU - Mouton, F AU - Malany, MM AU - Leenen, l AU - Venter, HS AB - The field of information security is a fast growing; discipline. Even though the effectiveness of security measures; to protect sensitive information is increasing, people remain; susceptible to manipulation and the human element is thus a; weak link. A social engineering attack targets this weakness by; using various manipulation techniques in order to elicit sensitive; information. The field of social engineering is still in its infancy; stages with regards to formal definitions and attack frameworks.; This paper proposes a social engineering attack framework; based on Kevin Mitnick¿s social engineering attack cycle. The; attack framework addresses shortcomings of Mitnick¿s social; engineering attack cycle and focuses on every step of the social; engineering attack from determining the goal of an attack up; to the successful conclusion of the attack. The authors use a; previously proposed social engineering attack ontological model; which provides a formal definition for a social engineering attack.; The ontological model contains all the components of a social; engineering attack and the social engineering attack framework; presented in this paper is able to represent temporal data; such as flow and time. Furthermore, this paper demonstrates; how historical social engineering attacks can be mapped to; the social engineering attack framework. By combining the; ontological model and the attack framework, one is able to; generate social engineering attack scenarios and to map historical; social engineering attacks to a standardised format. Scenario; generation and analysis of previous attacks are useful for the development; of awareness, training purposes and the development; of countermeasures against social engineering attacks. DA - 2014-07 DB - ResearchSpace DP - CSIR KW - Bidirectional Communication KW - Indirect Communication KW - Mitnick’sAttack Cycle KW - Ontological Model KW - Social Engineering Attack KW - Social Engineering KW - Framework KW - Unidirectional Communication LK - https://researchspace.csir.co.za PY - 2014 SM - 978-1-4799-3383-9 T1 - Social engineering attack framework TI - Social engineering attack framework UR - http://hdl.handle.net/10204/7954 ER -