António Lopes, H. Mamede, Leonilde Reis, Arnaldo Santos
{"title":"社会工程学的常用技术、成功攻击因素和障碍:系统文献综述","authors":"António Lopes, H. Mamede, Leonilde Reis, Arnaldo Santos","doi":"10.28991/esj-2024-08-02-025","DOIUrl":null,"url":null,"abstract":"Knowledge of Social Engineering is crucial to prevent potential attacks related to organizational Information Security. The objective of this paper aims to identify the most common social engineering techniques, success attack factors, and obstacles, as well as the good practices and frameworks that could be adopted concerning their mitigation. As an analysis methodology, a Systematic Literature Review was carried out. The findings revealed that the discussion about SE attacks has increased and that the most imminent threat is phishing. Exploiting human vulnerabilities is a growing threat when the attack is not carried out directly through technical means. There continue to be more technical attacks than non-technical attacks. Encouraging organizational security prevention, like training, education, technical controls, process development, defense in detail, and the development of security policies, should be considered mitigating factors for the negative impact of SE attacks. Most SE frameworks/models are focused on attack techniques and methods, mostly on technical components, decorating human factor. As a novelty, we found the opportunity to develop a new framework that could improve coverage of the gaps found, supported on security international standards, that could help and support researchers in developing their work, understanding open research topics, and providing a clearer understanding of this type of threat. Doi: 10.28991/ESJ-2024-08-02-025 Full Text: PDF","PeriodicalId":11586,"journal":{"name":"Emerging Science Journal","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Common Techniques, Success Attack Factors and Obstacles to Social Engineering: A Systematic Literature Review\",\"authors\":\"António Lopes, H. Mamede, Leonilde Reis, Arnaldo Santos\",\"doi\":\"10.28991/esj-2024-08-02-025\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Knowledge of Social Engineering is crucial to prevent potential attacks related to organizational Information Security. The objective of this paper aims to identify the most common social engineering techniques, success attack factors, and obstacles, as well as the good practices and frameworks that could be adopted concerning their mitigation. As an analysis methodology, a Systematic Literature Review was carried out. The findings revealed that the discussion about SE attacks has increased and that the most imminent threat is phishing. Exploiting human vulnerabilities is a growing threat when the attack is not carried out directly through technical means. There continue to be more technical attacks than non-technical attacks. Encouraging organizational security prevention, like training, education, technical controls, process development, defense in detail, and the development of security policies, should be considered mitigating factors for the negative impact of SE attacks. Most SE frameworks/models are focused on attack techniques and methods, mostly on technical components, decorating human factor. As a novelty, we found the opportunity to develop a new framework that could improve coverage of the gaps found, supported on security international standards, that could help and support researchers in developing their work, understanding open research topics, and providing a clearer understanding of this type of threat. Doi: 10.28991/ESJ-2024-08-02-025 Full Text: PDF\",\"PeriodicalId\":11586,\"journal\":{\"name\":\"Emerging Science Journal\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-04-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Emerging Science Journal\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.28991/esj-2024-08-02-025\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"Multidisciplinary\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Emerging Science Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.28991/esj-2024-08-02-025","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"Multidisciplinary","Score":null,"Total":0}
引用次数: 0
摘要
社会工程学知识对于防止与组织信息安全有关的潜在攻击至关重要。本文旨在确定最常见的社会工程学技术、成功攻击因素和障碍,以及在缓解这些问题方面可采用的良好做法和框架。作为分析方法,本文进行了系统的文献综述。研究结果表明,关于社会性攻击的讨论越来越多,而最紧迫的威胁是网络钓鱼。当攻击不是直接通过技术手段进行时,利用人的弱点是一种日益严重的威胁。技术攻击仍然多于非技术攻击。鼓励组织安全预防,如培训、教育、技术控制、流程开发、细节防御和制定安全策略,应被视为减轻 SE 攻击负面影响的因素。大多数 SE 框架/模型都侧重于攻击技术和方法,主要是技术部分,而忽略了人的因素。作为一个新事物,我们发现有机会开发一个新的框架,该框架可以在安全国际标准的支持下,改善所发现差距的覆盖范围,帮助和支持研究人员开展工作,了解开放式研究课题,并提供对此类威胁的更清晰的认识。Doi: 10.28991/ESJ-2024-08-02-025 全文:PDF
Common Techniques, Success Attack Factors and Obstacles to Social Engineering: A Systematic Literature Review
Knowledge of Social Engineering is crucial to prevent potential attacks related to organizational Information Security. The objective of this paper aims to identify the most common social engineering techniques, success attack factors, and obstacles, as well as the good practices and frameworks that could be adopted concerning their mitigation. As an analysis methodology, a Systematic Literature Review was carried out. The findings revealed that the discussion about SE attacks has increased and that the most imminent threat is phishing. Exploiting human vulnerabilities is a growing threat when the attack is not carried out directly through technical means. There continue to be more technical attacks than non-technical attacks. Encouraging organizational security prevention, like training, education, technical controls, process development, defense in detail, and the development of security policies, should be considered mitigating factors for the negative impact of SE attacks. Most SE frameworks/models are focused on attack techniques and methods, mostly on technical components, decorating human factor. As a novelty, we found the opportunity to develop a new framework that could improve coverage of the gaps found, supported on security international standards, that could help and support researchers in developing their work, understanding open research topics, and providing a clearer understanding of this type of threat. Doi: 10.28991/ESJ-2024-08-02-025 Full Text: PDF