Institutional Repository

Social engineering and the ISO/IEC 17799:2005 security standard: a study on effectiveness

dc.contributor.advisor Venter, LM en
dc.contributor.advisor Eloff, M.M. en
dc.contributor.author Frangopoulos, Evangelos D. en
dc.date.accessioned 2009-08-25T11:00:50Z
dc.date.available 2009-08-25T11:00:50Z
dc.date.issued 2007-03
dc.date.submitted 2007-03-31 en
dc.identifier.citation Frangopoulos, Evangelos D. (2007) Social engineering and the ISO/IEC 17799:2005 security standard: a study on effectiveness, University of South Africa, Pretoria, <http://hdl.handle.net/10500/2142> en
dc.identifier.uri http://hdl.handle.net/10500/2142
dc.description.abstract As Information Security (IS) standards do not always effectively cater for Social Engineering (SE) attacks, the expected results of an Information Security Management System (ISMS), based on such standards, can be seriously undermined by uncontrolled SE vulnerabilities. ISO/IEC 17799:2005 is the subject of the current analysis as it is the type of standard not restricted to technical controls, while encompassing proposals from other standards and generally-accepted sets of recommendations in the field. Following an analysis of key characteristics of SE and based on the study of Psychological and Social aspects of SE and IS, a detailed examination of ISO/IEC 17799:2005 is presented and an assessment of the efficiency of its controls with respect to SE is provided. Furthermore, enhancements to existing controls and inclusion of new controls aimed at strengthening the defense against Social Engineering are suggested. Measurement and quantification issues of IS with respect to SE are also dealt with. A novel way of assessing the level of Information Assurance in a system is proposed and sets the basis for future work on this subject. en
dc.format.extent 1 online resource (xxi, 140 leaves)
dc.language.iso en en
dc.subject Information assurance en
dc.subject Influence en
dc.subject Persuasion en
dc.subject Actor-network theory en
dc.subject Objective reality en
dc.subject Subjective reality en
dc.subject ISO 27002 en
dc.subject ISO 27001 en
dc.subject ISO 17799 en
dc.subject Security policy en
dc.subject Information security en
dc.subject Social engineering en
dc.subject.ddc 005.8
dc.subject.lcsh Social engineering
dc.subject.lcsh Data protection
dc.subject.lcsh Computer security
dc.title Social engineering and the ISO/IEC 17799:2005 security standard: a study on effectiveness en
dc.type Dissertation en
dc.description.department Information Systems en
dc.description.degree M. Sc. (Information Systems) en

