The social engineering personality framework

Publikationstyp
Conference Paper
Date Issued
2014
Sprache
English
Author(s)
Übelacker, Sven  orcid-logo
Quiel, Susanne  
Institut
Sicherheit in verteilten Anwendungen E-15  
TORE-DOI
10.15480/882.1212
TORE-URI
http://tubdok.tub.tuhh.de/handle/11420/1214
Citation
2014 Workshop on Socio-Technical Aspects in Security and Trust (STAST), Vienna, IEEE, pp. 24 - 30
Publisher DOI
10.1109/STAST.2014.12
Scopus ID
2-s2.0-84920717701
We explore Information and Communication Technology (ICT) security in a socio-technical world and focus in particular on the susceptibility to social engineering attacks. We pursue the question if and how personality traits influence this susceptibility. We use Cialdini's principles of influence to categorise social engineering attacks. First we show with a comprehensive literature review how existent research approaches social engineering susceptibility. Based on this review we construct suggestions for plausible relations between personality traits of the Five-Factor Model (Big 5) and the principles of influence. We propose our -- at this stage theory-based -- "Social Engineering Personality Framework" (SEPF) which we will evaluate in future empiric research. The characteristics of victims' personality traits in the SEPF will support and guide security researchers and practitioners in developing detection, mitigation, and prevention strategies while dealing with human factors in social engineering attacks.
Subjects
social engineering
socio-technical security
human factors
insider threat
personality traits
DDC Class
620: Ingenieurwissenschaften
Funding(s)
TREsPASS  
Lizenz
http://doku.b.tu-harburg.de/doku/lic_ohne_pod.php
Loading...
Thumbnail Image
Name

2014.STAST.Uebelacker_Quiel_The_Social_Engineering_Personality_Framework.accepted_version.pdf

Size

123.36 KB

Format

Adobe PDF