Dalal Alharthi scite author profile

The sudden increase in employees working primarily or even exclusively at home has generated unique societal and economic circumstances which makes the protection of information assets a major problem for organizations. The application of security policies is essential for mitigating the risk of social engineering attacks. However, incorporating and enforcing successful security policies in an organization is not a straightforward task. To that end, this paper develops a model of Social Engineering InfoSec Policies (SE-IPs) and investigates the incorporation of those SE-IPs in organizations. This paper proposes a customizable model of SE-IPs that can be adopted by a wide variety of organizations. The authors designed and distributed a survey to measure the incorporation level of formal SE-IPs in organizations. After collecting and analyzing the data which included over fifteen hundred responses, the authors found that on average, organizations incorporated just over fifty percent of the identified formal Social Engineering InfoSec Policies.

show abstract

A Literature Survey and Analysis on Social Engineering Defense Mechanisms and Infosec Policies

Alharthi¹,

Regan²

2021

IJNSA

View full text Add to dashboard Cite

Social engineering attacks can be severe and hard to detect. Therefore, to prevent such attacks, organizations should be aware of social engineering defense mechanisms and security policies. To that end, the authors developed a taxonomy of social engineering defense mechanisms, designed a survey to measure employee awareness of these mechanisms, proposed a model of Social Engineering InfoSec Policies (SE-IPs), and designed a survey to measure the incorporation level of these SE-IPs. After analyzing the data from the first survey, the authors found that more than half of employees are not aware of social engineering attacks. The paper also analyzed a second set of survey data, which found that on average, organizations incorporated just over fifty percent of the identified formal SE-IPs. Such worrisome results show that organizations are vulnerable to social engineering attacks, and serious steps need to be taken to elevate awareness against these emerging security threats.

show abstract

Secure Cloud Migration Strategy (SCMS): A Safe Journey to the Cloud

Alharthi

2023

iccws

View full text Add to dashboard Cite

The state of cloud security is evolving. Many organizations are migrating their on-premises data centers to cloud networks at a rapid pace due to the benefits like cost-effectiveness, scalability, reliability, and flexibility. Yet, cloud environments also raise certain security concerns that may hinder their adoption. Cloud security threats may include data breaches/leaks, data loss, access management, insecure APIs, and misconfigured cloud storage. The security challenges associated with cloud computing have been widely studied in previous literature and different research groups. This paper conducted a systematic literature review and examined the research studies published between 2010 and 2023 within popular digital libraries. The paper then proposes a comprehensive Secure Cloud Migration Strategy (SCMS) that organizations can adopt to secure their cloud environment. The proposed SCMS consists of three main repeatable phases/processes, which are preparation; readiness and adoption; and testing. Among these phases, the author addresses tasks/projects from the different perspectives of the three cybersecurity teams, which are the blue team (defenders), the red team (attackers), and the yellow team (developers). This can be used by the Cloud Center of Excellence (CCoE) as a checklist that covers defending the cloud; attacking and abusing the cloud; and applying the security shift left concepts. In addition to that, the paper addresses the necessary cloud security documents/runbooks that should be developed and automated such as incident response runbook, disaster recovery planning, risk assessment methodology, and cloud security controls. Future research venues and open cloud security problems/issues were addressed throughout the paper. The ultimate goal is to support the development of a proper security system to an efficient cloud computing system to help harden organizations’ cloud infrastructures and increase the cloud security awareness level, which is significant to national security. Furthermore, practitioners and researchers can use the proposed solutions to replicate and/or extend the proposed work.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Dalal Alharthi

A Taxonomy of Social Engineering Defense Mechanisms

Social Engineering Defense Mechanisms: A Taxonomy and a Survey of Employees’ Awareness Level

Social Engineering Infosec Policies (SE-IPS)

A Literature Survey and Analysis on Social Engineering Defense Mechanisms and Infosec Policies

Secure Cloud Migration Strategy (SCMS): A Safe Journey to the Cloud

Contact Info

Product

Resources

About