{"title":"Executing Effective Social Engineering Penetration Tests: A Qualitative Analysis","authors":"Kevin F. Steinmetz","doi":"10.1080/19361610.2021.2002119","DOIUrl":null,"url":null,"abstract":"Abstract Penetration testing is an increasingly common strategy adopted by organizations to mitigate security risks including those posed by social engineering—the deception of individuals for the purposes of circumventing information security measures. Drawing from 54 interviews with security auditors, IT professionals, and social engineers, this study explores participant descriptions of the (1) importance of social engineering penetration tests, (2) measurement of assessment outcomes, (3) use of penetration tests as part of security awareness programs, and (4) attitude social engineers should adopt in working with client organizations and their employees. Implications for security research and penetration testing are considered.","PeriodicalId":44585,"journal":{"name":"Journal of Applied Security Research","volume":null,"pages":null},"PeriodicalIF":1.1000,"publicationDate":"2021-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Applied Security Research","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/19361610.2021.2002119","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"CRIMINOLOGY & PENOLOGY","Score":null,"Total":0}
Citation count: 3
Abstract
Penetration testing is an increasingly common strategy adopted by organizations to mitigate security risks including those posed by social engineering—the deception of individuals for the purposes of circumventing information security measures. Drawing from 54 interviews with security auditors, IT professionals, and social engineers, this study explores participant descriptions of the (1) importance of social engineering penetration tests, (2) measurement of assessment outcomes, (3) use of penetration tests as part of security awareness programs, and (4) attitude social engineers should adopt in working with client organizations and their employees. Implications for security research and penetration testing are considered.