Executing Effective Social Engineering Penetration Tests: A Qualitative Analysis

IF 1.1 Q3 CRIMINOLOGY & PENOLOGY Journal of Applied Security Research Pub Date : 2021-11-14 DOI:10.1080/19361610.2021.2002119
Kevin F. Steinmetz
{"title":"Executing Effective Social Engineering Penetration Tests: A Qualitative Analysis","authors":"Kevin F. Steinmetz","doi":"10.1080/19361610.2021.2002119","DOIUrl":null,"url":null,"abstract":"Abstract Penetration testing is an increasingly common strategy adopted by organizations to mitigate security risks including those posed by social engineering—the deception of individuals for the purposes of circumventing information security measures. Drawing from 54 interviews with security auditors, IT professionals, and social engineers, this study explores participant descriptions of the (1) importance of social engineering penetration tests, (2) measurement of assessment outcomes, (3) use of penetration tests as part of security awareness programs, and (4) attitude social engineers should adopt in working with client organizations and their employees. Implications for security research and penetration testing are considered.","PeriodicalId":44585,"journal":{"name":"Journal of Applied Security Research","volume":"18 1","pages":"246 - 266"},"PeriodicalIF":1.1000,"publicationDate":"2021-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Applied Security Research","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/19361610.2021.2002119","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"CRIMINOLOGY & PENOLOGY","Score":null,"Total":0}
引用次数: 3

Abstract

Abstract Penetration testing is an increasingly common strategy adopted by organizations to mitigate security risks including those posed by social engineering—the deception of individuals for the purposes of circumventing information security measures. Drawing from 54 interviews with security auditors, IT professionals, and social engineers, this study explores participant descriptions of the (1) importance of social engineering penetration tests, (2) measurement of assessment outcomes, (3) use of penetration tests as part of security awareness programs, and (4) attitude social engineers should adopt in working with client organizations and their employees. Implications for security research and penetration testing are considered.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
执行有效的社会工程渗透测试:定性分析
渗透测试是一种越来越普遍的策略,被组织用来降低安全风险,包括社会工程带来的风险——为了规避信息安全措施而欺骗个人。通过对安全审计员、IT专业人员和社会工程师的54次访谈,本研究探讨了参与者对以下方面的描述:(1)社会工程渗透测试的重要性,(2)评估结果的度量,(3)将渗透测试作为安全意识计划的一部分的使用,以及(4)社会工程师在与客户组织及其员工合作时应采取的态度。考虑了安全研究和渗透测试的含义。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Journal of Applied Security Research
Journal of Applied Security Research CRIMINOLOGY & PENOLOGY-
CiteScore
2.90
自引率
15.40%
发文量
35
期刊最新文献
Campus Security and Crime Prevention: A View from a Police Chief with a Ph.D. in Criminology Privacy, Data Protection and Cyber Crimes: Mapping Perceptions of Pakistani Users Theoretical and Experimental Framework for Estimating Cyber Victimization Risk in a Hybrid Physical-Virtual World Cybersecurity Risk Management Scenarios for Teaching Information Security Management The Rise of #Cartels: Exploring the Organizational Operations and Messaging of Public Perception on Twitter
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1