Benchmarking a mobile implementation of the social engineering prevention training tool
- 1 August 2017
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in 2017 Information Security for South Africa (ISSA)
Abstract
As the nature of information stored digitally becomes more important and confidential, the security of the systems put in place to protect this information needs to be increased. The human element, however, remains a vulnerability of the system and it is this vulnerability that social engineers attempt to exploit. The Social Engineering Attack Detection Model version 2 (SEADMv2) has been proposed to help people identify malicious social engineering attacks. Prior to this study, the SEADMv2 had not been implemented as a user friendly application or tested with real subjects. This paper describes how the SEADMv2 was implemented as an Android application. This Android application was tested on 20 subjects, to determine whether it reduces the probability of a subject falling victim to a social engineering attack or not. The results indicated that the Android implementation of the SEADMv2 significantly reduced the number of subjects that fell victim to social engineering attacks. The Android application also significantly reduced the number of subjects that fell victim to malicious social engineering attacks, bidirectional communication social engineering attacks and indirect communication social engineering attacks. The Android application did not have a statistically significant effect on harmless scenarios and unidirectional communication social engineering attacks.Keywords
This publication has 14 references indexed in Scilit:
- Social engineering attack examples, templates and scenariosComputers & Security, 2016
- Detection of Social Engineering Attacks Through Natural Language Processing of ConversationsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2016
- Necessity for ethics in social engineering researchComputers & Security, 2015
- Social Engineering Attack Detection Model: SEADMv2Published by Institute of Electrical and Electronics Engineers (IEEE) ,2015
- Towards an Ontological Model Defining the Social Engineering DomainPublished by Springer Science and Business Media LLC ,2014
- Gaining Access with Social Engineering: An Empirical Study of the ThreatInformation Systems Security, 2007
- ATTENTION WHEN?: An Investigation of the Ordering Effect of Input and InteractionStudies in Second Language Acquisition, 2005
- A review of web-based product data management systemsComputers in Industry, 2001
- Sampling for qualitative researchFamily Practice, 1996
- Snowball Sampling: Problems and Techniques of Chain Referral SamplingSociological Methods & Research, 1981