Countermeasures for Social Engineering-based Malware Installation Attacks

Social engineering exploits vulnerabilities at different layers (i.e. technical, social layer) in an organizational defense structure. It is therefore important to understand how to defend against these attacks using a holistic defense approach including multiple countermeasures. The literature suggests a plethora of countermeasures, little research has however been done to assess their effectiveness in managing social engineering threats. In this paper we attempt to obtain a deeper understanding of how to defend against a type of social engineering attack that attempts to install malware on computers through e-mail or portable media. We explore commonly proposed countermeasures needed to prevent this type of attack, and if any dependencies between them exist. Through a combined method approach of surveying the literature and conducting semi-structured interviews with domain experts we identified a set of countermeasures that provide empirical input for future studies but could potentially also give organizations guidance on how to manage social engineering-based malware installation attacks

Persuasive technologies: a systematic literature review and application to PISA

Persuasive Technologies is an expansive eld that covers various research areas including engineering and social sciences. This document summarizes current and historical models of information processing, persuasion and persuasive systems design in order to place other studies in the eld within context. The Persuasive Systems Design Model is then selected as the most recent and comprehensive model in the eld, afer which a series of sample context analyses are performed using this model. The case used for these context analyses is the PISA tool. Finally, we consider the limitations and possible future work of this literature review

An investigation into information security practices implemented by Research and Educational Network of Uganda (RENU) member institution

Educational institutions are known to be at the heart of complex computing systems in any region in which they exist, especially in Africa. The existence of high end computing power, often connected to the Internet and to research network grids, makes educational institutions soft targets for attackers. Attackers of such networks are normally either looking to exploit the large computing resources available for use in secondary attacks or to steal Intellectual Property (IP) from the research networks to which the institutions belong. Universities also store a lot of information about their current students and staff population as well as alumni ranging from personal to financial information. Unauthorized access to such information violates statutory requirement of the law and could grossly tarnish the institutions name not to mention cost the institution a lot of money during post-incident activities. The purpose of this study was to investigate the information security practices that have been put in place by Research and Education Network of Uganda (RENU) member institutions to safeguard institutional data and systems from both internal and external security threats. The study was conducted on six member institutions in three phases, between the months of May and July 2011 in Uganda. Phase One involved the use of a customised quantitative questionnaire tool. The tool - originally developed by information security governance task-force of EDUCAUSE - was customised for use in Uganda. Phase Two involved the use of a qualitative interview guide in a sessions between the investigator and respondents. Results show that institutions rely heavily on Information and Communication Technology (ICT) systems and services and that all institutions had already acquired more than three information systems and had acquired and implemented some of the cutting edge equipment and systems in their data centres. Further results show that institutions have established ICT departments although staff have not been trained in information security. All institutions interviewed have ICT policies although only a few have carried out policy sensitization and awareness campaigns for their staff and students.Te

Moloch\u27s Children: Monstrous Techno-Capitalism in North American Popular Fiction

Deriving from the Latin monere (to warn), monsters are at their very core warnings against the horrors that lurk in the shadows of our present and the mists of our future – in this case, the horrors of techno-capitalism (i.e., the conjunction of scientific modes of research and capitalist modes of production). This thesis reveals the ideological mechanisms that animate “techno-capitalist” monster narratives through close readings of 7 novels and 3 films from Canada and the United States in both English and French and released between 1979 and 2016. All texts are linked by shared themes, narrative tropes, and a North American origin. Since the corpus emerges from the home of the current techno-capitalist hegemony, it reveals the fears of those who benefit from the system yet are still terrified by its potential. The inclusion of Canadian texts nuances the analysis by taking into account the internal hierarchy of the North American capitalist empire. The thesis is primarily interested in how texts from three different cultures in the corpus construct their plots, characters, and settings to perform similar kinds of ideological work, that is, the work of representing and critiquing capitalist ideology. Special attention is paid to repeated motifs used to reveal and represent the monstrousness of the techno-capitalist system. The study of these motifs is divided into three sections. The first explores techno-capitalist monsters as personifications of the worst excesses of contemporary consumer culture. The second focuses on the fusion of science and capitalism as dramatized through the figure of the mad corporate scientist. The third reads the corpus as a collection of environmental narratives that comment on the techno-capitalist exploitation of nature. The ideological analysis of the corpus favours a socio-economic hermeneutic but also addresses issues of ethnicity and nationality. A Marxist theoretical approach is privileged throughout, with reliance on Baudrillardian concepts such as the code and the hyperreal