Development of Methodical Social Engineering Taxonomy Project

Abstract

Since security is based on trust in authenticity as well as trust in protection, the weakest link in the security chain is often between the keyboard and chair. We have a natural human willingness to accept someone at his or her word. Attacking computer systems via information gained from social interactions is a form of social engineering. Attackers know how much easier it is to trick insiders instead of targeting the complex technological protections of systems. In an effort to formalize social engineering, we are building two models: Trust and Attack. Because social-engineering attacks are complex and typically require multiple visits and targets, these two models can be applied, individually or together, at various times to each individual attack goal.

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 2006
Accession Number
ADA457544

Entities

People

  • Lena Laribee

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Air Force
  • Computer Network Security
  • Computer Programs
  • Computers
  • Cybersecurity
  • Electronic Mail
  • Employment
  • Engineering
  • Human Behavior
  • Information Security
  • Information Systems
  • Malware
  • Psychology
  • Security
  • Social Engineering
  • Test And Evaluation
  • Warfare

Fields of Study

  • Computer science

Readers

  • Agent-Based Social Robotics and Mobile-Assisted Learning in Virtual Environments.
  • Political Violence and Terrorism Studies.
  • Theoretical Analysis.