dc.contributor.advisor | Venter, LM | en
dc.contributor.advisor | Eloff, M.M. | en
dc.contributor.author | Frangopoulos, Evangelos D. | en
dc.date.accessioned | 2009-08-25T11:00:50Z |
dc.date.available | 2009-08-25T11:00:50Z |
dc.date.issued | 2007-03 |
dc.date.submitted | 2007-03-31 | en
dc.identifier.citation | Frangopoulos, Evangelos D. (2007) Social engineering and the ISO/IEC 17799:2005 security standard: a study on effectiveness, University of South Africa, Pretoria, <http://hdl.handle.net/10500/2142> | en
dc.identifier.uri | http://hdl.handle.net/10500/2142 |
dc.description.abstract | As Information Security (IS) standards do not always effectively cater for Social Engineering (SE) attacks, the expected results of an Information Security Management System (ISMS), based on such standards, can be seriously undermined by uncontrolled SE vulnerabilities. ISO/IEC 17799:2005 is the subject of the current analysis as it is the type of standard not restricted to technical controls, while encompassing proposals from other standards and generally-accepted sets of recommendations in the field. Following an analysis of key characteristics of SE and based on the study of Psychological and Social aspects of SE and IS, a detailed examination of ISO/IEC 17799:2005 is presented and an assessment of the efficiency of its controls with respect to SE is provided. Furthermore, enhancements to existing controls and inclusion of new controls aimed at strengthening the defense against Social Engineering are suggested. Measurement and quantification issues of IS with respect to SE are also dealt with. A novel way of assessing the level of Information Assurance in a system is proposed and sets the basis for future work on this subject. | en
dc.format.extent | 1 online resource (xxi, 140 leaves) |
dc.language.iso | en | en
dc.subject | Information assurance | en
dc.subject | Influence | en
dc.subject | Persuasion | en
dc.subject | Actor-network theory | en
dc.subject | Objective reality | en
dc.subject | Subjective reality | en
dc.subject | ISO 27002 | en
dc.subject | ISO 27001 | en
dc.subject | ISO 17799 | en
dc.subject | Security policy | en
dc.subject | Information security | en
dc.subject | Social engineering | en
dc.subject.ddc | 005.8 |
dc.subject.lcsh | Social engineering |
dc.subject.lcsh | Data protection |
dc.subject.lcsh | Computer security |
dc.title | Social engineering and the ISO/IEC 17799:2005 security standard: a study on effectiveness | en
dc.type | Dissertation | en
dc.description.department | Information Systems | en
dc.description.degree | M. Sc. (Information Systems) | en