Social Engineering (SE) deceptively penetrates the information system (IS) through low- or non-technical means [1], largely by manipulating authorized human users for illicit access. Many papers and publications discuss SE schemes using anecdotal evidence to depict its criticality.

OBJECTIVE – This paper aims to fully synthesize extant literature regarding the SE concept, process, threats, implications, and solution strategies.

METHOD – The systematic literature review examines 54 sources (conference papers, journal papers, articles, and ebook chapters) which are classified according to identifiable links to each research question posed.

RESULTS – Seven conceptual models of SE are presented, featuring psychological to systemic elements. Different SE processes are specified by three main stages: planning, execution and exploitation. All possible motivations and targets for SE attacks are examined, with targets making up three different categories: organizational, systemic, and individual. SE infiltration techniques are described under four main methods: direct request, persuasion, fabrication, and data collection. Also, SE-related vulnerabilities and threats are identified and detailed as four types: human factors, organizational-management policies, information-security policies, and others. Direct and indirect SE implications are outlined. Finally, five sorts of solutions are featured: education, security policy, defense-in-depth, security assessment and technical controls. Education is most highly emphasized by primary studies (62%), followed by security policy (55%).
| Date of Award | Dec 2014 |
|---|---|
| Original language | American English |
| Supervisor | Davor Svetinovic (Supervisor) |
- Social Engineering
- Information Systems
- Information Security
- Information and Communication Technology
- Cyber-security.
Security Social Engineering: Systematic Literature Review
Al Atebi, M. (Author). Dec 2014
Student thesis: Master's Thesis