Louise Leenen

Towards an Ontological Model Defining the Social Engineering Domain

The human is often the weak link in the attainment of Information Security due to their susceptibility to deception and manipulation. Social Engineering refers to the exploitation of humans in order to gain unauthorised access to sensitive information. Although Social Engineering is an important branch of Information Security, the discipline is not well defined; a number of different definitions appear in the literature. Several concepts in the domain of Social Engineering are defined in this paper. This paper also presents an ontological model for Social Engineering attack based on the analysis of existing definitions and taxonomies. An ontology enables the explicit, formal representation of the entities and their inter-relationships within a domain. The aim is both to contribute towards commonly accepted domain definitions, and to develop a representative model for a Social Engineering attack. In summary, this paper provides concrete definitions for Social Engineering, Social Engineering attack and social engineer.

Social engineering attack framework

The field of information security is a fast growing discipline. Even though the effectiveness of security measures to protect sensitive information is increasing, people remain susceptible to manipulation and the human element is thus a weak link. A social engineering attack targets this weakness by using various manipulation techniques in order to elicit sensitive information. The field of social engineering is still in its infancy stages with regards to formal definitions and attack frameworks. This paper proposes a social engineering attack framework based on Kevin Mitnicks social engineering attack cycle. The attack framework addresses shortcomings of Mitnicks social engineering attack cycle and focuses on every step of the social engineering attack from determining the goal of an attack up to the successful conclusion of the attack. The authors use a previously proposed social engineering attack ontological model which provides a formal definition for a social engineering attack. The ontological model contains all the components of a social engineering attack and the social engineering attack framework presented in this paper is able to represent temporal data such as flow and time. Furthermore, this paper demonstrates how historical social engineering attacks can be mapped to the social engineering attack framework. By combining the ontological model and the attack framework, one is able to generate social engineering attack scenarios and to map historical social engineering attacks to a standardised format. Scenario generation and analysis of previous attacks are useful for the development of awareness, training purposes and the development of countermeasures against social engineering attacks.

Social engineering attack examples, templates and scenarios

The field of information security is a fast-growing discipline. Even though the effectiveness of security measures to protect sensitive information is increasing, people remain susceptible to manipulation and thus the human element remains a weak link. A social engineering attack targets this weakness by using various manipulation techniques to elicit sensitive information. The field of social engineering is still in its early stages with regard to formal definitions, attack frameworks and templates of attacks. This paper proposes detailed social engineering attack templates that are derived from real-world social engineering examples. Current documented examples of social engineering attacks do not include all the attack steps and phases. The proposed social engineering attack templates attempt to alleviate the problem of limited documented literature on social engineering attacks by mapping the real-world examples to the social engineering attack framework. Mapping several similar real-world examples to the social engineering attack framework allows one to establish a detailed flow of the attack whilst abstracting subjects and objects. This mapping is then utilised to propose the generalised social engineering attack templates that are representative of real-world examples, whilst still being general enough to encompass several different real-world examples. The proposed social engineering attack templates cover all three types of communication, namely bidirectional communication, unidirectional communication and indirect communication. In order to perform comparative studies of different social engineering models, processes and frameworks, it is necessary to have a formalised set of social engineering attack scenarios that are fully detailed in every phase and step of the process. The social engineering attack templates are converted to social engineering attack scenarios by populating the template with both subjects and objects from real-world examples whilst still maintaining the detailed flow of the attack as provided in the template. Furthermore, this paper illustrates how the social engineering attack scenarios are applied to verify a social engineering attack detection model. These templates and scenarios can be used by other researchers to either expand on, use for comparative measures, create additional examples or evaluate models for completeness. Additionally, the proposed social engineering attack templates can also be used to develop social engineering awareness material.

Implementation of a Cyber Security Policy in South Africa: Reflection on Progress and the Way Forward

Cyber security is an important aspect of National Security and the safekeeping of a Nation’s constituency and resources. In South Africa, the focus on cyber security is especially prominent since many geographical regions are incorporated into the global village in an attempt to bridge the digital divide. This article reflects on current research done in South Africa with regard to a cyber security policy, and proposes the development of methodologies and frameworks that will enable the implementation of such a policy. The focus of this article is the use of an ontology-based methodology to identify and propose a formal, encoded description of the cyber security strategic environment. The aim of the ontology is to identify and represent the multi-layered organisation of players and their associated roles and responsibilities within the cyber security environment. This will contribute largely to the development, implementation and rollout of a national cyber security policy in South Africa.

An Approach to Governance of CyberSecurity in South Africa

A government has the responsibility to provide, regulate and maintain national security, which includes human security for its citizens. Recent declarations from the UK and USA governments about setting up cybersecurity organisations and the appointment of cyber czars reflect a global recognition that the Internet is part of the national critical infrastructure that needs to be safeguarded and protected. Although the South African government approved a draft National Cyber Security Policy Framework in March 2012, the country still needs a national cybersecurity governance structure in order to effectively control and protect its cyber infrastructure. Whilst various structures have been established to deal with cybersecurity in South Africa, they are inadequate and implementation of the policy is still in the very early stages. Structures need to be in place to set the security controls and policies and also to govern their implementation. It is important to have a holistic approach to cybersecurity, with partnerships between business, government and civil society put in place to achieve this goal. This paper investigates different government organisational structures created for the control of national cybersecurity in selected countries of the world. The main contribution is a proposed approach that South Africa could follow in implementing its proposed cybersecurity policy framework, taking into account the challenges of legislation and control of cybersecurity in Africa, and in particular, in South Africa.

Social Engineering Attack Detection Model: SEADMv2

Information security is a fast-growing discipline, and therefore the effectiveness of security measures to protect sensitive information needs to be increased. Since people are generally susceptible to manipulation, humans often prove to be the weak link in the security chain. A social engineering attack targets this weakness by using various manipulation techniques to elicit individuals to perform sensitive requests. The field of social engineering is still in its infancy as far as formal definitions, attack frameworks, examples of attacks and detection models are concerned. This paper therefore proposes a revised version of the Social Engineering Attack Detection Model. The previous model was designed with a call centre environment in mind and is only able to cater for social engineering attacks that use bidirectional communication. Previous research discovered that social engineering attacks can be classified into three different categories, namely attacks that utilise bidirectional communication, unidirectional communication or indirect communication. The proposed (and revised) Social Engineering Attack Detection Model addresses this problem by extending the model to cater for social engineering attacks that use bidirectional communication, unidirectional communication or indirect communication. The revised Social Engineering Attack Detection Model is further verified using published generalised social engineering attack examples from each of the three categories mentioned.

Cybersecurity Capability and Capacity Building for South Africa

Cybersecurity capability and innovation cannot be attained by a single party; researchers, government, private industry and academia should join hands and create public-private partnerships to share their knowledge and create solutions. If South Africa wants to be sufficiently equipped to respond to cyber-threats and to ensure growth in the cybersecurity sector, the country needs to strengthen the pipeline of cyber talent and support the development of a cybersecurity workforce. These requirements provide an opportunity for industry, in collaboration with government and academia, to initiate innovative and exciting approaches to establish cybersecurity and a cybersecurity workforce in South Africa. This paper considers measures for governments, business and academia to alleviate the cyber skills shortage, and pay particular attention to the South African case.

Using an ontology for network attack planning

Copyright: 2015 IGI Global. Due to copyright restrictions, the attached PDF file only contains the abstract of the full text item. For access to the full text item, please consult the publishers website. The definitive version of the work is published in International Journal of Cyber Warfare and Terrorism, 6(3), pp 65-78