Contemporary Cyber Security Social Engineering Solutions, Measures, Policies, Tools and Applications: A Critical Appraisal
Hussain Aldawood, Geoffrey Skinner
Pages - 1 - 15     |    Revised - 30-04-2019     |    Published - 01-06-2019
Volume - 10   Issue - 1    |    Publication Date - June 2019
Social Engineering Threats, Social Engineering Measures, Security Policies, Social Engineering Tools, Social Engineering Solutions.
Social engineering is a major threat to organizations as more and more companies digitize operations and increase connectivity through the internet. After defining social engineering and the problems it presents, this study offers a critical review of existing protection measures, tools, and policies for organizations to combat cyber security social engineering. Through a systematic review of recent studies published on the subject, our analysis identifies the need to provide training for employees to ensure they understand the risks of social engineering and how best to avoid becoming a victim. Protection measures include awareness programs, training of non-technical staff members, new security networks, software usage, and security protocols to address social engineering threats.
Mr. Hussain Aldawood
School of Electrical Engineering and Computing, University of Newcastle - Australia
Dr. Geoffrey Skinner
School of Electrical Engineering and Computing, University of Newcastle - Australia