António Lopes – Polytechnic Institute of Setúbal, Portugal
Leonilde Reis – Polytechnic Institute of Setúbal, Portugal
DOI: https://doi.org/10.31410/LIMEN.2020.185
6th International Scientific-Business Conference – LIMEN 2020 – Leadership, Innovation, Management and Economics: Integrated Politics of Research – CONFERENCE PROCEEDINGS, Online/virtual, November 26, 2020, published by the Association of Economists and Managers of the Balkans, Belgrade; Printed by: SKRIPTA International, Belgrade, ISBN 978-86-80194-39-4, ISSN 2683-6149, DOI: https://doi.org/10.31410/LIMEN.2020
Abstract
Social Engineering, in view of organizations' current dependence on information systems and on information and communication technologies, is of great interest for creating conditions that reduce the threats and vulnerabilities to which organizations are exposed. Social Engineering is thus considered to have emerged as a serious threat in virtual communities and is an effective way of attacking information systems, creating conditions that jeopardize business continuity. The article presents the problem in the field of Information Security, emphasizing concerns in the field of Social Engineering in view of the vulnerabilities to which most organizations are exposed. The research methodology adopted is Design Science Research, given the specificity of the problem. The main results are a literature review in the field of Social Engineering, with special emphasis on attack models, and a reflection on real-world professional experience.
Keywords
Social engineering, Information security, Information systems, Information and communication technologies.