Publication
Improving social engineering resilience in enterprises
| dc.contributor.author | Ribeiro, Ricardo | |
| dc.contributor.author | Mateus-Coelho, Nuno | |
| dc.contributor.author | São Mamede, Henrique | |
| dc.date.accessioned | 2024-11-11T11:37:38Z | |
| dc.date.available | 2024-11-11T11:37:38Z | |
| dc.date.issued | 2023-08 | |
| dc.description.abstract | Social Engineering pose a significant problem for enterprises. Cybercriminals continue developing new and sophisticated methods to trick individuals into disclosing confidential information or granting unauthorized access to infrastructure systems. These attacks remain a significant threat to enterprise systems despite significant investments in technical architecture and security measures. User awareness training and other behavioral interventions are critical for improving Social Engineering resilience. Training and education programs for users are crucial in reducing the probability of these attacks. Compliance with security policies and procedures is significantly improved through education-based training. A security culture involving all stakeholders is also essential, as open, and honest communication from management can increase user awareness of potential threats. Emotional biases such as fear, trust, and curiosity also impact susceptibility to attacks, but personal traits that make individuals vulnerable require further investigation. This paper aims to research and identify effective interventions that improve SE resilience, addressing objectives such as examining the literature on behavioral, technical, and organizational by performing an SLR of factors that contribute to SE attacks in enterprises and their impact on cyber security and semi-structured interviews to give voice to employees on several vital roles, leveraging this way a theoretical and practical understanding on the difficulties and solutions enterprises face constantly. Furthermore, the objective is also to investigate the effectiveness of different enterprise interventions to improve SE resilience, including user awareness training, technical controls (filtering and monitoring), and organizational strategies (security culture interventions), and to identify factors that increase or prevent the success of these interventions and how they interact with each other to improve SE resilience. Therefore, it aims to provide a comprehensive assessment of the state of knowledge in this field and propose a framework by identifying best practices for improving Social Engineering resilience in organizations while supporting the development of new research studies to address this subject. Its goal is to help enterprises of any size leverage this framework to reduce the risk of successful Social Engineering attacks and improve their culture of security awareness. | pt_PT |
| dc.description.version | info:eu-repo/semantics/publishedVersion | pt_PT |
| dc.identifier.citation | Ribeiro, R., N. Mateus-Coelho, and H. Mamede. “Improving Social Engineering Resilience In Enterprises”. ARIS2 - Advanced Research on Information Systems Security, vol. 3, no. 1, Aug. 2023, pp. 34-65, doi:10.56394/aris2.v3i1.30. | pt_PT |
| dc.identifier.doi | 10.56394/aris2.v3i1.30 | pt_PT |
| dc.identifier.issn | 2795-4609 | |
| dc.identifier.uri | http://hdl.handle.net/10400.2/16759 | |
| dc.language.iso | eng | pt_PT |
| dc.peerreviewed | yes | pt_PT |
| dc.publisher | LAPI2S - Laboratory of Privacy and Information Systems Security | pt_PT |
| dc.relation.publisherversion | https://aris-journal.com/aris/index.php/journal/article/view/30 | pt_PT |
| dc.rights.uri | http://creativecommons.org/licenses/by/4.0/ | pt_PT |
| dc.subject | Social engineering | pt_PT |
| dc.subject | Human behavior | pt_PT |
| dc.subject | Personal traits | pt_PT |
| dc.subject | Security architecture | pt_PT |
| dc.title | Improving social engineering resilience in enterprises | pt_PT |
| dc.type | journal article | |
| dspace.entity.type | Publication | |
| oaire.citation.endPage | 65 | pt_PT |
| oaire.citation.issue | 1 | pt_PT |
| oaire.citation.startPage | 34 | pt_PT |
| oaire.citation.title | ARIS2 - Advanced Research on Information Systems Security | pt_PT |
| oaire.citation.volume | 3 | pt_PT |
| person.familyName | Mateus-Coelho | |
| person.familyName | São Mamede | |
| person.givenName | Nuno | |
| person.givenName | Henrique | |
| person.identifier | R-002-0P0 | |
| person.identifier.ciencia-id | A514-DAF9-ECB2 | |
| person.identifier.ciencia-id | 7F17-9DAD-C007 | |
| person.identifier.orcid | 0000-0001-5517-9181 | |
| person.identifier.orcid | 0000-0002-5383-9884 | |
| person.identifier.rid | D-7228-2018 | |
| person.identifier.scopus-author-id | 57223338541 | |
| person.identifier.scopus-author-id | 36458782500 | |
| rcaap.rights | openAccess | pt_PT |
| rcaap.type | article | pt_PT |
| relation.isAuthorOfPublication | ed974389-b8e6-4a8f-8b88-c95f6e32c58f | |
| relation.isAuthorOfPublication | 86fd6131-eed5-42be-9639-9466ddf680ab | |
| relation.isAuthorOfPublication.latestForDiscovery | 86fd6131-eed5-42be-9639-9466ddf680ab |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- Improving+Social+Engineering+Resilience+in+Enterprises.pdf
- Size:
- 662.47 KB
- Format:
- Adobe Portable Document Format
License bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- license.txt
- Size:
- 1.97 KB
- Format:
- Item-specific license agreed upon to submission
- Description: