dc.description.abstract | Social Engineering (SE) attacks exploit vulnerabilities that are based on principles of human psychology. In conjunction with loopholes in the security structure of the organisation, these attacks can yield results that would be difficult, if not impossible, to obtain through the use of purely technical hacking methods. As SE attacks are based on deception, they are very difficult to categorise. Hence, designing countermeasures for them is even more difficult and as such, to this day, provisions present in current security standards and best practices against SE methods are limited, indirect and rather inadequate. Thus, a more fundamental approach is called for, if effective defense methods are to be devised. The current analysis of the psychological aspects of SE forms part of a larger effort to identify the risks emerging from the largely non-technical issues of Information Security (IS) and devise methods for their mitigation. To this end, the notion of the ψ-wall is introduced. © 2010 IADIS. | en |