Information security threat assessment using social  engineering in the organizational context: literature  review

Lopes, António; Reis, Leonilde; São Mamede, Henrique; Santos, Arnaldo

http://hdl.handle.net/10400.26/40242

Use this identifier to reference this record.

Name:	Description:	Size:	Format:
FINAL jan o8 2022 080122 WorldCIST22 Submission ID 161 - Social Engeneering.pdf		597 KB	Adobe PDF	Download

Send Feedback

Authors

Abstract(s)

Due to the value and diversity of data that organizations use and pro duce in their activity, it is extremely important to protect this asset. Security flaws can arise due to several factors and whenever it is difficult to access the desired information because of technological barriers. In this case, attacks are redirected to the exploitation of human beings vulnerabilities through various techniques. The objective of this work focuses on literature review, studying the underlying theme of Social Engineering, as it uses human trust, convincing someone of something fake, using various interactions and different vectors to gain access to private information. Design Science Research will support the research work due to the possibility of construction, evaluation, and subsequent validation of the artefact. The contribution of a framework proposal for preventing social engi neering attacks in organizations and providing the best recommendations, guid ing, and supporting the stakeholders in the selection and definition of controls that guarantee the security of organizational information and avoid possible at tacks by Social Engineering. It is expected that the practical effects of the future work will result in a reduction in the number of attacks using Social Engineering, greater individual and collective preparation to deal with this problem and, over time, the incentive to the continued expansion of the adoption of these artefacts at the organizational level.