CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Security service level agreements: quantifiable security for the enterprise?
Proceedings of the 1999 workshop on New security paradigms
Secrets & Lies: Digital Security in a Networked World
Secrets & Lies: Digital Security in a Networked World
Hacking Linux Exposed
Information Assurance Measures and Metrics " State of Practice and Proposed Taxonomy
HICSS '03 Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9 - Volume 9
The Art of Deception: Controlling the Human Element of Security
The Art of Deception: Controlling the Human Element of Security
Recent worms: a survey and trends
Proceedings of the 2003 ACM workshop on Rapid malcode
Proceedings of the 2003 ACM workshop on Rapid malcode
Communications of the ACM - Mobile computing opportunities and challenges
A framework for conceptualizing social engineering attacks
CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
| Hi-index | 0.00 |
Social engineering (SE) is the name used for a bag of tricks used by adversaries to manipulate victims to make them say or do something they otherwise wouldn't have. Typically this includes making the victims disclose passwords, or give the adversary illegitimate access to buildings or privileged information. The book Art of Deception: Controlling the Human Element of Security by Kevin Mitnick gives several examples of potential attacks. Clearly, countermeasures are needed. Countermeasures may include special hardware, software, improved user interfaces, routines, procedures and staff training. However, in order to assess the effectiveness of these countermeasures, we need a SE resistance metric. This paper de.nes such a metric. We have also implemented software to obtain metric test data. A real life SE experiment involving 120 participants has been completed. The experiment suggests that SE may indeed represent an Achilles heel.