A1 Refereed original research article in a scientific journal
Dissecting social engineering
Authors: Tetri P, Vuorinen J
Publisher: TAYLOR & FRANCIS LTD
Publication year: 2013
Journal: Behaviour and Information Technology
Journal name in source: BEHAVIOUR & INFORMATION TECHNOLOGY
Journal acronym: BEHAV INFORM TECHNOL
Number in series: 10
Volume: 32
Issue: 10
First page : 1014
Last page: 1023
Number of pages: 10
ISSN: 0144-929X
DOI: https://doi.org/10.1080/0144929X.2013.763860
Abstract
In information security terms, social engineering (SE) refers to incidents in which an information system is penetrated through the use of social methods. The literature to date (40 texts), which was reviewed for this article, emphasises individual techniques in its description of SE. This leads to a very scattered, anecdotal, and vague notion of SE. In addition, due to the lack of analytical concepts, research conducted on SE encounters difficulties in explaining the success of SE. In such explanations, the victim's psychological traits are overemphasised, although this kind of explanation can cover only a small portion of SE cases. In this article, we have sought to elaborate the concept of SE through analysis of the functions of different techniques. In this way, we have been able to extrapolate three dimensions of SE: persuasion, fabrication, and data gathering. By utilising these dimensions, SE can be grasped in all its aspects instead of through individual techniques. Furthermore, research can benefit from our multidimensional approach as each of the dimensions pertains to a different theory. Therefore, the victim's personal traits cannot function as the only explanation. All in all, the analysis, understanding, and explanation of the success of SE can be furthered using our new approach.
In information security terms, social engineering (SE) refers to incidents in which an information system is penetrated through the use of social methods. The literature to date (40 texts), which was reviewed for this article, emphasises individual techniques in its description of SE. This leads to a very scattered, anecdotal, and vague notion of SE. In addition, due to the lack of analytical concepts, research conducted on SE encounters difficulties in explaining the success of SE. In such explanations, the victim's psychological traits are overemphasised, although this kind of explanation can cover only a small portion of SE cases. In this article, we have sought to elaborate the concept of SE through analysis of the functions of different techniques. In this way, we have been able to extrapolate three dimensions of SE: persuasion, fabrication, and data gathering. By utilising these dimensions, SE can be grasped in all its aspects instead of through individual techniques. Furthermore, research can benefit from our multidimensional approach as each of the dimensions pertains to a different theory. Therefore, the victim's personal traits cannot function as the only explanation. All in all, the analysis, understanding, and explanation of the success of SE can be furthered using our new approach.
UTU Research Portal