期刊名称:International Journal of Computer Science Issues
印刷版ISSN:1694-0784
电子版ISSN:1694-0814
出版年度:2017
卷号:14
期号:2
出版社:IJCSI Press
摘要:Social engineering has become serious phenomenon in the history of information security worldwide. Although this approach is widely used by criminals to exploit the human aspect as the security weakest link, there is not many studies focusing on such issue. Fail to understand the nature of social engineering will increase the security risk posture of the organisation. Inspite of the fact that most of social engineering attacks are seemed to be unstructure and diverse in nature, this research result shows that there exists common patterns that can be mapped and organised in a logical and structured way. This study is aimed to develop and to propose a framework to help security practitioners in having better and wholistic understanding on the nature and characteristics of such humen-based attack. By understanding the detail characteristics of social engineering, an effective countermeasure effort can be designed and developed. This concept shall be used by the management of organisation or institution in developing its security mitigation strategy.
关键词:Social Engineering; Security; Deception; Attack; Human Element
