Gahler, Tristan (2023)
Navigating the Social Engineering Landscape:
Safeguarding Industry Networks through Diverse IT-Security Measures.
Technische Universität Darmstadt
doi: 10.26083/tuprints-00026458
Master's thesis, first publication, publisher's version
Abstract
Social engineering, rooted in the manipulation of human psychology, is a pervasive and ever-evolving threat to information security. This comprehensive examination seeks to educate and equip companies of all sizes with the knowledge and strategies necessary to defend against this multifaceted threat. Our journey commences with a foundational definition of social engineering and progresses into an exploration of the attack cycle and taxonomy for both attackers and attack vectors, before we analyze the different attack patterns themselves. As we progress, our research uncovers the psychological vulnerabilities and behavioral factors that render individuals susceptible to these attacks. It also delves into the complex realm of demographics, offering insights into the contradictions found in existing research within this field. Defending against social engineering requires a multifaceted approach. Our work emphasizes the pivotal role of robust security policies, the utility of serious games in security education and goal elicitation, and the development of effective training methods that foster security-conscious behaviors. Ethical implications are considered throughout our examination, encompassing the need for ethical demographics research aimed at preventing discrimination and the ethical conduct of penetration tests to safeguard employee rights and dignity. Furthermore, we highlight the significance of disaster recovery strategies as a critical component of defense, mitigating the potential fallout of social engineering attacks. Our research concludes with the presentation of tailored best practices for organizations committed to securing their environments against the backdrop of social engineering threats. In summary, we acknowledge that social engineering remains a dynamic challenge. This exploration underscores the significance of interdisciplinary, holistic tactics that encompass education, policy implementation, advanced technology, and ethical considerations.
Collectively, these elements bolster organizational defenses, safeguarding the most valuable assets—both people and data. Our research emphasizes the need for continuous adaptation and underscores the importance of effective security training and awareness programs for employees in confronting the ever-shifting landscape of social engineering threats.
Entry type: | Master's thesis |
---|---|
Published: | 2023 |
Author(s): | Gahler, Tristan |
Entry category: | First publication |
Title: | Navigating the Social Engineering Landscape: Safeguarding Industry Networks through Diverse IT-Security Measures |
Language: | English |
Publication year: | 22 December 2023 |
Place: | Darmstadt |
Collation: | 74, xiii pages |
Date of oral examination: | 27 November 2023 |
DOI: | 10.26083/tuprints-00026458 |
URL / URN: | https://tuprints.ulb.tu-darmstadt.de/26458 |
Uncontrolled keywords: | Social Engineering, IT Security, Serious Games, Influencing People, Interdisciplinarity in IT, Security Policies, Ethics |
Status: | Publisher's version |
URN: | urn:nbn:de:tuda-tuprints-264588 |
Dewey Decimal Classification (DDC) subject group: | 000 Generalities, computer science, information science > 004 Computer science |
Department(s)/field(s): | 20 Department of Computer Science; 20 Department of Computer Science > Didactics of Computer Science |
Date deposited: | 22 Dec 2023 13:04 |
Last modified: | 03 Jan 2024 10:01 |
Date of oral examination / defense: | 27 November 2023 |