In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Eleventh International Symposium on Human Aspects of Information Security & Assurance (HAISA 2017)
Title: Mapping the Anatomy of Social Engineering Attacks to the Systems Engineering Life Cycle
Author(s): Johan van de Merwe, Francois Mouton
Keywords: Bidirectional Communication, Indirect Communication, Mitnick's Attack Cycle, Social Engineering Attack Detection, Social Engineering Attack Framework, Social Engineering Ontology, Systems Engineering Life Cycle, Unidirectional Communication, Information Security.
Abstract: Social engineering attacks present a material threat to the security of information systems. To date, security professionals only manage the potential effects of a social engineering attack. Security professionals consider such attacks as external threats to the overall information system and so far preventative measures are mostly focused around asking people to be aware and guard against becoming victims through tailored cyber-awareness campaigns. The social engineering attack framework (SEAF) presents a way to think about social engineering pro-actively. Furthermore, systems engineering is about coping with complexity. Systems engineering helps to avoid omissions and invalid assumptions. It also helps to manage real world changing issues, and produce the most efficient, economic and robust solution. Within the systems engineering discipline extensive techniques have been developed to support its underlying principles and processes. By aligning the SEAF to the systems engineering life cycle, access to those techniques is granted, allowing for a security professional to cope with the complexities of social engineering attacks in a defined and quantitative manner. This gives the opportunity to explore applying the various techniques to assist in handling social engineering attacks as part of system security, including people, processes and technology, not to mention it links the efforts to a budget. The latter is especially relevant when justifying the means to cope with social engineering attacks, for example to establish and drive an awareness campaign. Before all this can happen, we first need to establish the link between the SEAF and systems engineering, which is what this paper is aimed at. The benefit of this link is that it will allow for a direct translation of our premised scenario to the tools used in the systems engineering space. These include a context diagram, functional modelling, holistic requirements modelling, matrix diagrams, stakeholder maps and a viewpoint analysis.
Download count: 3155
How to get this paper:
A PDF copy of this paper is free to download. You may distribute this copy provided you cite this page as the source.