This is an Open Access publication published under CSC-OpenAccess Policy.

Contemporary Cyber Security Social Engineering Solutions, Measures, Policies, Tools and Applications: A Critical Appraisal
Hussain Aldawood, Geoffrey Skinner
Pages: 1-15 | Revised: 30-04-2019 | Published: 01-06-2019
Volume: 10, Issue: 1 | Publication Date: June 2019
KEYWORDS
Social Engineering Threats, Social Engineering Measures, Security Policies, Social Engineering Tools, Social Engineering Solutions.
ABSTRACT
Social engineering is a major threat to organizations as more and more companies digitize operations and increase connectivity through the internet. After defining social engineering and the problems it presents, this study offers a critical review of existing protection measures, tools, and policies for organizations to combat cyber security social engineering. Through a systematic review of recent studies published on the subject, our analysis identifies the need to provide training for employees to ensure they understand the risks of social engineering and how best to avoid becoming a victim. Protection measures include awareness programs, training of non-technical staff members, new security networks, software usage, and security protocols to address social engineering threats.
Mr. Hussain Aldawood
School of Electrical Engineering and Computing, University of Newcastle - Australia
hussain.aldawood@uon.edu.au
Dr. Geoffrey Skinner
School of Electrical Engineering and Computing, University of Newcastle - Australia