TY - CONF
T1 - A layered defense mechanism for a social engineering aware perimeter
AU - Abeywardana, Kavinga Yapa
AU - Pfluegel, Eckhard
AU - Tunnicliffe, Martin
N1 - Note: Published in: Proceedings of 2016 SAI Computing Conference 2016, London : IEEE, pp. 1054-1062. ISBN: 9781467384605
Organising Body: IEEE
PY - 2016/7/15
Y1 - 2016/7/15
N2 - While many cyber security organizations urge the corporate world to use defence-in-depth to create vigilant network perimeters, the human factor is often overlooked. Security evaluation frameworks focus mostly on critical assets of an organization and technical aspects of prevailing risks. There is consequently no specific framework to identify, categorize, analyse and mitigate social engineering related risks. This paper identifies the requirement for such a framework through an in-depth investigation of an actual organization and extensive analysis of existing methodologies. On the basis of this, a layered defence strategy, SERA, is developed, starting with the basic building blocks for social-engineering aware risk analysis. A chronological attack classification framework is presented as an enhancement of existing frameworks on social engineering.
AB - While many cyber security organizations urge the corporate world to use defence-in-depth to create vigilant network perimeters, the human factor is often overlooked. Security evaluation frameworks focus mostly on critical assets of an organization and technical aspects of prevailing risks. There is consequently no specific framework to identify, categorize, analyse and mitigate social engineering related risks. This paper identifies the requirement for such a framework through an in-depth investigation of an actual organization and extensive analysis of existing methodologies. On the basis of this, a layered defence strategy, SERA, is developed, starting with the basic building blocks for social-engineering aware risk analysis. A chronological attack classification framework is presented as an enhancement of existing frameworks on social engineering.
KW - Computer science and informatics
UR - http://ieeexplore.ieee.org/document/7556108/
U2 - 10.1109/SAI.2016.7556108
DO - 10.1109/SAI.2016.7556108
M3 - Paper
T2 - SAI Computing Conference (SAI), 2016
Y2 - 13 July 2016 through 15 July 2016
ER -