执行有效的社会工程渗透测试:定性分析

IF 1.1 Q3 CRIMINOLOGY & PENOLOGY
Kevin F. Steinmetz
{"title":"执行有效的社会工程渗透测试:定性分析","authors":"Kevin F. Steinmetz","doi":"10.1080/19361610.2021.2002119","DOIUrl":null,"url":null,"abstract":"Abstract Penetration testing is an increasingly common strategy adopted by organizations to mitigate security risks including those posed by social engineering—the deception of individuals for the purposes of circumventing information security measures. Drawing from 54 interviews with security auditors, IT professionals, and social engineers, this study explores participant descriptions of the (1) importance of social engineering penetration tests, (2) measurement of assessment outcomes, (3) use of penetration tests as part of security awareness programs, and (4) attitude social engineers should adopt in working with client organizations and their employees. Implications for security research and penetration testing are considered.","PeriodicalId":44585,"journal":{"name":"Journal of Applied Security Research","volume":"18 1","pages":"246 - 266"},"PeriodicalIF":1.1000,"publicationDate":"2021-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Executing Effective Social Engineering Penetration Tests: A Qualitative Analysis\",\"authors\":\"Kevin F. Steinmetz\",\"doi\":\"10.1080/19361610.2021.2002119\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Abstract Penetration testing is an increasingly common strategy adopted by organizations to mitigate security risks including those posed by social engineering—the deception of individuals for the purposes of circumventing information security measures. Drawing from 54 interviews with security auditors, IT professionals, and social engineers, this study explores participant descriptions of the (1) importance of social engineering penetration tests, (2) measurement of assessment outcomes, (3) use of penetration tests as part of security awareness programs, and (4) attitude social engineers should adopt in working with client organizations and their employees. Implications for security research and penetration testing are considered.\",\"PeriodicalId\":44585,\"journal\":{\"name\":\"Journal of Applied Security Research\",\"volume\":\"18 1\",\"pages\":\"246 - 266\"},\"PeriodicalIF\":1.1000,\"publicationDate\":\"2021-11-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Applied Security Research\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1080/19361610.2021.2002119\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"CRIMINOLOGY & PENOLOGY\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Applied Security Research","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/19361610.2021.2002119","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"CRIMINOLOGY & PENOLOGY","Score":null,"Total":0}
引用次数: 3

摘要

渗透测试是一种越来越普遍的策略,被组织用来降低安全风险,包括社会工程带来的风险——为了规避信息安全措施而欺骗个人。通过对安全审计员、IT专业人员和社会工程师的54次访谈,本研究探讨了参与者对以下方面的描述:(1)社会工程渗透测试的重要性,(2)评估结果的度量,(3)将渗透测试作为安全意识计划的一部分的使用,以及(4)社会工程师在与客户组织及其员工合作时应采取的态度。考虑了安全研究和渗透测试的含义。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Executing Effective Social Engineering Penetration Tests: A Qualitative Analysis
Abstract Penetration testing is an increasingly common strategy adopted by organizations to mitigate security risks including those posed by social engineering—the deception of individuals for the purposes of circumventing information security measures. Drawing from 54 interviews with security auditors, IT professionals, and social engineers, this study explores participant descriptions of the (1) importance of social engineering penetration tests, (2) measurement of assessment outcomes, (3) use of penetration tests as part of security awareness programs, and (4) attitude social engineers should adopt in working with client organizations and their employees. Implications for security research and penetration testing are considered.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Journal of Applied Security Research
Journal of Applied Security Research CRIMINOLOGY & PENOLOGY-
CiteScore
2.90
自引率
15.40%
发文量
35
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信