Affiliation:
1. University of KwaZulu-Natal, South Africa
Abstract
Social engineering refers to the art of using deception and manipulating individuals to gain access to systems or information assets and subsequently compromising these systems and information assets. Information security must provide protection to the confidentiality, integrity, and availability of information. In order to mitigate information security's weakest link, it becomes necessary to understand the ways in which human behavior can be exploited via social engineering. This chapter will seek to analyze the role of social engineering in information security breaches and the factors that contribute to its success. A variety of social engineering attacks, impacts, and mitigations will be discussed. Human factors such as trust, obedience, and fear are easily exploited, thereby allowing social engineers to execute successful attacks. However, with effective countermeasures such as information security awareness training, education, and audit procedures, the impacts of social engineering can be decreased or eliminated altogether.
Reference48 articles.
1. An overview of social engineering malware: Trends, tactics, and implications
2. Allen, M. (2006). Social engineering: A means to violate a computer system. SANS Institute, InfoSec Reading Room. Retrieved from: http://www.sans.org/reading-room/whitepapers/engineering/social-engineering-means-
3. Applegate, S. D. (2009). Social Engineering: Hacking the Wetware! Information Security Journal: A Global Perspective, 18(1), 40-46.
4. Bezuidenhout, M., Mouton, F., & Venter, H. S. (2010). Social engineering attack detection model: SEADM. In Information Security for South Africa (ISSA), (pp. 1-8). IEEE.
5. The persuasion and security awareness experiment: reducing the success of social engineering attacks