
Conceptualising social engineering attacks through system archetypes



Publisher: Inderscience Publishers
Copyright: Copyright © Inderscience Enterprises Ltd. All rights reserved
ISSN: 1748-0671
eISSN: 1748-068X
DOI: 10.1504/IJSSE.2008.018134

Abstract

At the highest abstraction level, an attempt by a social engineer to exploit a victim organisation either attempts to achieve some specific target (denial of service, steal an asset, tap some particular information) or it wishes to maximise an outcome, such as to disable the organisation by a terrorist attack or establish a permanent parasitic relationship (long-term espionage). Seen as dynamic processes, the first kind of exploit is a controlling ('balancing') feedback loop, while the second kind is a reinforcing feedback loop. Each type of exploit meets a first line of defence in control processes or in escalating ('reinforcing') processes of resistance. The possible combinations of the two modes of attack and the two modes of defence yield four archetypes of exploit and natural defence. Predictably, the social engineer would seek to outsmart the first line of defence; it is shown that each archetype implies a particular strategy to do so. Anticipation of these modes of attack must be the starting point for an effective multilayered defence against social engineering attacks.

Journal

International Journal of System of Systems Engineering, Inderscience Publishers

Published: Jan 1, 2008
