Title: Mapping the anatomy of social engineering attacks to the systems engineering life cycle
Authors: Van de Merwe, J; Mouton, Francois
Type: Conference Presentation
Date: 2017-11
Repository record dates: 2018-01-04; 2018-01-04
Citation: Van de Merwe, J. and Mouton, F. 2017. Mapping the anatomy of social engineering attacks to the systems engineering life cycle. Proceedings of the Eleventh International Symposium on Human Aspects of Information Security & Assurance (HAISA 2017), pp. 24-40
ISBN: 978-1-84102-428-8
Publisher: CSCAN
URLs: https://cscan.org/openaccess/?id=371 ; http://hdl.handle.net/10204/9929
Repository: ResearchSpace (CSIR), https://researchspace.csir.co.za
Description: Paper presented at the Eleventh International Symposium on Human Aspects of Information Security & Assurance
Language: en
Keywords: Bidirectional communication; Indirect communication; Mitnick's attack cycle; Social engineering attack detection; Social engineering attack framework; Social engineering ontology; Systems engineering life cycle; Unidirectional communication; Information security

Abstract:

Social engineering attacks present a material threat to the security of information systems. To date, security professionals only manage the potential effects of a social engineering attack. Security professionals consider such attacks as external threats to the overall information system, and so far preventative measures are mostly focused around asking people to be aware and guard against becoming victims through tailored cyber-awareness campaigns. The social engineering attack framework (SEAF) presents a way to think about social engineering proactively.

Furthermore, systems engineering is about coping with complexity. Systems engineering helps to avoid omissions and invalid assumptions. It also helps to manage real world changing issues, and produce the most efficient, economic and robust solution. Within the systems engineering discipline, extensive techniques have been developed to support its underlying principles and processes. By aligning the SEAF to the systems engineering life cycle, access to those techniques is granted, allowing a security professional to cope with the complexities of social engineering attacks in a defined and quantitative manner. This gives the opportunity to explore applying the various techniques to assist in handling social engineering attacks as part of system security, including people, processes and technology, not to mention it links the efforts to a budget. The latter is especially relevant when justifying the means to cope with social engineering attacks, for example to establish and drive an awareness campaign.

Before all this can happen, we first need to establish the link between the SEAF and systems engineering, which is what this paper is aimed at. The benefit of this link is that it will allow for a direct translation of our remised scenario to the tools used in the systems engineering space. These include a context diagram, functional modelling, holistic requirements modelling, matrix diagrams, stakeholder maps and a viewpoint analysis.