[Social Engineering: A Hindrance To Information Security]
by
Acknowledgement
I would like to take this opportunity to thank my research supervisor, family and friends for their support and guidance, without which this research would not have been possible.
DECLARATION
I, [type your full first names and surname here], declare that the contents of this dissertation/thesis represent my own unaided work, and that the dissertation/thesis has not previously been submitted for academic examination towards any qualification. Furthermore, it represents my own opinions and not necessarily those of the University.
Signed __________________ Date _________________
Abstract
This dissertation is based on the topic of “Social Engineering: A Hindrance to Information Security”. It presents an analysis of the impact of social engineering on information security. The first chapter provides an introduction to the topic and also includes the theoretical framework and hypotheses. The second chapter covers the literature review on the topic. The methodology is presented in the third chapter, followed by a discussion of the results in the fourth chapter. The fifth chapter presents conclusions and implications for future research.
Table of Contents
ABSTRACT
CHAPTER 1: INTRODUCTION
Background
Problem Statement
Purpose of the Study
Objectives of the Study
Significance of the Study
Theoretical Framework
Hypotheses
CHAPTER 2: LITERATURE REVIEW
Threat assessment and control
Proposed strike cycle of the ASE bot
Map & Bond
Execute
Recruit & Cloak
Evolve/Regress
Information Security
Phishing
Spear Phishing
Dumpster diving
Ethical Issues
Attack model
Special Sources Required
Chatbots
Implementation of chatbot
Evaluate the prototype
A. Impersonation
B. Trust
C. Diffusion
D. Overloading/Strong affect
E. Moral Duty
F. Reciprocation
G. Urgency
H. Direct Approach
Social Engineering Methods
A. Corporate Website
B. Google Search
C. Job Sites
D. Public Venues
E. Dumpster Diving
Mitigation
A. Policy
B. Physical Security
C. Acceptable Use
D. Help Desk
E. Improvements
Social engineering training could disrupt botnet growth
Preventing attacks with social engineering training
Diminishing the Impact of Social Engineering
CHAPTER 3: METHODOLOGY
Instrumentation: sample and data collection
Experimental procedures
Treatment Procedures
Punishment Treatment Group
Ethics Training Group
Social engineering training group
CHAPTER 4: RESULTS AND DISCUSSION
Results
Discussion
CHAPTER 5: CONCLUSION
Limitations
Implications for research
Implications for practice
Conclusion
REFERENCES
APPENDIX
Social Engineering: A Hindrance to Information Security
Chapter 1: Introduction
The Merriam-Webster Online Dictionary defines social engineering as "the management of people to their place and function in society: applied social sciences" (Acquisti, 2005, 33). This famous and politically correct definition is acceptable to social engineers, and sets them alongside chemists, physicians, and mathematicians. An alternative definition, which many computer-oriented websites link to, is the slang definition from the Jargon File: "A term used among crackers for cracking techniques that rely on weaknesses in wetware, not software, tricking people into revealing passwords and other information so that a target system's security is compromised" (Albrechtsen, 2006, 51).
This definition is jargon-rich and difficult for a layman to understand. The lay definition, still by far the most concise and accurate, is "old-fashioned manipulation". As Western countries make the transition from an industrial to a postindustrial society, information security is rapidly becoming increasingly important for companies, mainly in Western Europe, Asia and the United States. Protecting corporate and individual information is of particular importance for companies involved in e-commerce, such as financial institutions, e-retailers (eBay, Amazon, etc.) and online stock trading firms (ShareBuilder, Ameritrade, etc.); however, all types of companies should be aware of the importance of information security.
Background
Social engineering is not a new concept. The social engineering tactics were used by Odysseus and Sinon to get the wooden horse outside ...