An academic review of current industrial and commercial cyber security social engineering solutions

Proceedings of the 3rd International Conference on Cryptography, Security and Privacy Pub Date : 2019-01-19 DOI:10.1145/3309074.3309083

Hussain Aldawood, G. Skinner

{"title":"An academic review of current industrial and commercial cyber security social engineering solutions","authors":"Hussain Aldawood, G. Skinner","doi":"10.1145/3309074.3309083","DOIUrl":null,"url":null,"abstract":"The study aims to assess popular awareness training solutions and techniques used by organizations to defend and mitigate cyber security social engineering threats. Social engineering threats are the most unpredicted threats an organization faces, leading to loss of confidential data, finances, intellectual property, and consumer credibility. Therefore, it is very important that an organization is well prepared to defend its information systems against social engineering threats. Literature in this domain presents various types of contemporary training and awareness solutions used at the corporate level to address social engineering threats, with the most prominent being reviewed in this study. Latest training methods identified in this study include serious games, gamification, virtual labs, tournaments, simulations, and the use of other modern applications. Similarly, current awareness programs that educate against social engineering threats including video streaming, compliances, theme-based trainings, awareness campaigns, and conferences are also included.","PeriodicalId":430283,"journal":{"name":"Proceedings of the 3rd International Conference on Cryptography, Security and Privacy","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-01-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"25","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 3rd International Conference on Cryptography, Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3309074.3309083","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 25

Abstract

The study aims to assess popular awareness training solutions and techniques used by organizations to defend and mitigate cyber security social engineering threats. Social engineering threats are the most unpredicted threats an organization faces, leading to loss of confidential data, finances, intellectual property, and consumer credibility. Therefore, it is very important that an organization is well prepared to defend its information systems against social engineering threats. Literature in this domain presents various types of contemporary training and awareness solutions used at the corporate level to address social engineering threats, with the most prominent being reviewed in this study. Latest training methods identified in this study include serious games, gamification, virtual labs, tournaments, simulations, and the use of other modern applications. Similarly, current awareness programs that educate against social engineering threats including video streaming, compliances, theme-based trainings, awareness campaigns, and conferences are also included.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

当前工业和商业网络安全社会工程解决方案的学术综述

该研究旨在评估组织用于防御和减轻网络安全社会工程威胁的流行意识培训解决方案和技术。社会工程威胁是组织面临的最不可预测的威胁，会导致机密数据、财务、知识产权和消费者信誉的损失。因此，组织为保护其信息系统免受社会工程威胁做好充分准备是非常重要的。该领域的文献介绍了在公司层面上使用的各种类型的当代培训和意识解决方案，以解决社会工程威胁，其中最突出的在本研究中进行了回顾。本研究确定的最新训练方法包括严肃游戏、游戏化、虚拟实验室、比赛、模拟和其他现代应用程序的使用。类似地，还包括针对社会工程威胁(包括视频流、法规遵循、基于主题的培训、意识活动和会议)进行教育的当前意识项目。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Proceedings of the 3rd International Conference on Cryptography, Security and Privacy

自引率

0.00%

发文量