The Design and Evaluation of an Interactive Social Engineering Training Programme

Social engineering is a major issue affecting organisational security. Educating employees on how to avoid social engineering attacks is important because social engineering tries to penetrate an organisation by using employees to grant authorized access to sensitive information. While there are a number of theoretical studies about social engineering, a few practical studies have moved towards educating and training employees on how to spot such attacks. In this research, we emphasise the importance of educating employees to make them more resilient to these kinds of attacks. We developed an educational video encapsulated within a Social Engineering Training Programme. This is essentially an interactive training video during which the learner interacts with three different scenarios; educational content, a knowledge-check, and a web page containing the latest news about current social engineering attacks. The training programme was evaluated in a Saudi trading company with 24 employees. The evaluation showed that the programme delivered a positive impact in terms of awareness, as tested by a post-training qui

Analisis Penyerangan Social Engineering

In the era of Information where the Information itself has became one of valuable asset for an organization so, an organization will tried to protect the information that they have. But, even the thickest wall of security can fall if the people inside the security wall make mistake that leads to security hole. This kind of mistake usually can be exploit by hacker using Social Engineering. This research is trying to explore this type of attack by analyzing, gathering literature, and finding similar incident that already happen before, to give other people information about Social Engineering and the threat that this type of attack can pose. The result of this research will be recommendation that can be used to protect the company's information from the threat that comes from Social Engineering

Social engineering and crime prevention in cyberspace

This paper highlights methods of syntactic and semantic social engineering attacks (human-based and computer-based) that are currently prevalent in the cyber community. It will also present the emerging trends in high-tech crime; and, the likely future direction cyber-crime will take with respect to social engineering

Antisipasi Dampak Social Engineering pada Bisnis Perbankan

Perkembangan teknologi informasi membuat institusi perbankan mengubah strategi bisnis dengan menempatkan teknologi sebagai unsur utama dalam proses inovasi produk dan jasa. Kecanggihan teknologi yang diterapkan oleh institusi perbankan telah diakui mampu menangkal potensi kejahatan perbankan yang dilakukan oleh hacker. Menyadari semakin canggihnya perlindungan sistem perbankan, hacker tidak hanya beroperasi di Balik komputer untuk menyerang targetnya, mereka juga menghampiri targetnya secara langsung untuk mendapatkan informasi berharga yang mereka butuhkan sehingga dapat mengakses sistem yang terlindungi oleh benteng keamanan dan membuat penanganan keamanan apapun menjadi tidak berguna, cara seperti inilah yang biasa disebut sebagai Social Engineering. Dalam social engineering, si pelaku memanfaatkan sifat alamiah dari manusia. Hal ini diartikan bahwa betapa sifat alami manusia dapat diketahui dan dipelajari juga dimanfaatkan untuk tujuan tertentu. Kejahatan social engineering sangat membahayakan bisnis perbankan karena berpotensi menimbulkan kerugian finansial, reputasi dan hukum bagi bank dan nasabahnya melalui serangan fisik dan serangan psikologis. Untuk mengurangi resiko tersebut, bank perlu untuk melatih dan mendidik staf mereka mengenai ancaman keamanan dan bagaimana caranya mengenali dan mengantisipasi  serangan Social Engineering. Untuk mencegah dampak social engineering pada bisnis perbankan diperlukan langkah antisipatif melalui mencegah kebocoran password, keamanan akses informasi, verifikasi kontak, mengikuti prosedur, pelaporan tindakan mencurigakan, menjaga emosi, pelatihan berkelanjutan dan memberikan edukasi kepada nasaba

A New Role for Human Resource Managers: Social Engineering Defense

[Excerpt] The general risk of social engineering attacks to organizations has increased with the rise of digital computing and communications, while for an attacker the risk has decreased. In order to counter the increased risk, organizations should recognize that human resources (HR) professionals have just as much responsibility and capability in preventing this risk as information technology (IT) professionals. Part I of this paper begins by defining social engineering in context and with a brief history pre-digital age attacks. It concludes by showing the intersection of HR and IT through examples of operational attack vectors. In part II, the discussion moves to a series of measures that can be taken to help prevent social engineering attacks

Case Study On Social Engineering Techniques for Persuasion

There are plenty of security software in market; each claiming the best, still we daily face problem of viruses and other malicious activities. If we know the basic working principal of such malware then we can very easily prevent most of them even without security software. Hackers and crackers are experts in psychology to manipulate people into giving them access or the information necessary to get access. This paper discusses the inner working of such attacks. Case study of Spyware is provided. In this case study, we got 100% success using social engineering techniques for deception on Linux operating system, which is considered as the most secure operating system. Few basic principal of defend, for the individual as well as for the organization, are discussed here, which will prevent most of such attack if followed.Comment: 7 Page

Action research and democracy

This contribution explores the relationship between research and learning democracy. Action research is seen as being compatible with the orientation of educational and social work research towards social justice and democracy. Nevertheless, the history of action research is characterized by a tension between democracy and social engineering. In the social-engineering approach, action research is conceptualized as a process of innovation aimed at a specific Bildungsideal. In a democratic approach action research is seen as research based on cooperation between research and practice. However, the notion of democratic action research as opposed to social engineering action research needs to be theorized. So called democratic action research involving the implementation by the researcher of democracy as a model and as a preset goal, reduces cooperation and participation into instruments to reach this goal, and becomes a type of social engineering in itself. We argue that the relationship between action research and democracy is in the acknowledgment of the political dimension of participation: ‘a democratic relationship in which both sides exercise power and shared control over decision-making as well as interpretation’. This implies an open research design and methodology able to understand democracy as a learning process and an ongoing experiment