Social Engineering Penetration Testing within the OODCA Cycle – Approaches to Detect and Remediate Human Vulnerabilities and Risks in Information Security

Öztürk, Asiye; Koza, Erfan; Willer, Michael

doi:10.54941/ahfe1003721

Cited by 1 publication

(1 citation statement)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Incorporating human elements into the security chain is crucial, as it aids in the detection and prevention of issues. It should instead be viewed as the strongest link in Information Security in this situation, not a weak one [72]. Human error is now the main factor that makes SE attacks viable.…”

Section: -Discussion Of the Resultsmentioning

confidence: 99%

Common Techniques, Success Attack Factors and Obstacles to Social Engineering: A Systematic Literature Review

Lopes,

Mamede,

Reis

et al. 2024

Emerg Sci J

View full text Add to dashboard Cite

Knowledge of Social Engineering is crucial to prevent potential attacks related to organizational Information Security. The objective of this paper aims to identify the most common social engineering techniques, success attack factors, and obstacles, as well as the good practices and frameworks that could be adopted concerning their mitigation. As an analysis methodology, a Systematic Literature Review was carried out. The findings revealed that the discussion about SE attacks has increased and that the most imminent threat is phishing. Exploiting human vulnerabilities is a growing threat when the attack is not carried out directly through technical means. There continue to be more technical attacks than non-technical attacks. Encouraging organizational security prevention, like training, education, technical controls, process development, defense in detail, and the development of security policies, should be considered mitigating factors for the negative impact of SE attacks. Most SE frameworks/models are focused on attack techniques and methods, mostly on technical components, decorating human factor. As a novelty, we found the opportunity to develop a new framework that could improve coverage of the gaps found, supported on security international standards, that could help and support researchers in developing their work, understanding open research topics, and providing a clearer understanding of this type of threat. Doi: 10.28991/ESJ-2024-08-02-025 Full Text: PDF

show abstract

Section: -Discussion Of the Resultsmentioning

confidence: 99%