2 research outputs found

    Social engineering: psychology applied to Information Security

    Psychology and computer science are two scientific disciplines that focus on identifying the particular characteristics of information processing: the first in the human being, and the second in the construction of a technical tool that seeks to emulate the brain, the computer. That is why psychology is strongly tied to the moment when people choose their passwords. Deceptive advertising often compensates (through money, products and free services or other self-esteem tests) to influence a product or service to appear on your social network, in order to increase its consumption among its followers and also to take personal information without your consent. Due to the increase in the use of social networks, our social engineering strategy can efficiently and effectively show that security is subjective and that a significant percentage of users are vulnerable to deceptive advertisement through the internet. This project is based on the need to prevent attacks of information subtraction by obtaining/decrypting the keys of access or in the worst case obtain directly their passwords to the different web services, bank accounts, credit cards of individuals, based on the information that people expose or share on their social networks. This paper also examines how attackers could obtain/decipher their passwords based on personal information obtained from deceptive advertisements implemented through a social network. The advantage of this approach also shows the user password composition, providing a better vision of how hackers use the psychology applied to information security.

    Strategies Used to Mitigate Social Engineering Attacks

    Cybercriminal activity performed widely through social engineering attacks is estimated to be one of the substantial challenges the world will face over the next 20 years. Cybercriminal activity is important to chief information security officers (CISOs) because these attacks represent the largest transfer of economic wealth in history and pose risks to the incentives for organizational innovation and investment and eventually become more profitable than the global trade of all major illegal drugs combined. Grounded in the balanced control theory, the purpose of this multiple case study was to explore strategies CISOs use to mitigate social engineering attacks within their organizations. Participants consisted of 6 CISOs across 6 small to medium-sized organizations that handle payment card industry data in the West Coast region of the United States of America. Data were collected from CISOs by semi-structured telephone interviews. Data were analyzed through interview transcription, in-depth exploration of phenomena, data coding development, and the identification of links to themes. Three major themes emerged from the data analysis: information technology (IT) risks, security awareness, and IT strategies. A key recommendation is for CISOs to develop security awareness programs and implement technical, formal, and informal controls, to sustain operations and protect their networks from potential social engineering attacks. The implications for positive social change include the potential for (a) the mitigation of social engineering attacks, (b) the protection of both organizational and consumer data, and (c) an increase in consumer confidence resulting in increased economic prosperity.