Gahler, Tristan (2023)
Navigating the Social Engineering Landscape: Safeguarding Industry Networks through Diverse IT-Security Measures.
Technische Universität Darmstadt
doi: 10.26083/tuprints-00026458
Master Thesis, Primary publication, Publisher's Version
Text: Gahler_Masterthesis.pdf (2MB)
Copyright Information: CC BY 4.0 International - Creative Commons, Attribution.
Item Type: | Master Thesis | ||||
---|---|---|---|---|---|
Type of entry: | Primary publication | ||||
Title: | Navigating the Social Engineering Landscape: Safeguarding Industry Networks through Diverse IT-Security Measures | ||||
Language: | English | ||||
Date: | 22 December 2023 | ||||
Place of Publication: | Darmstadt | ||||
Collation: | 74, xiii Seiten | ||||
Date of oral examination: | 27 November 2023 | ||||
DOI: | 10.26083/tuprints-00026458 | ||||
Abstract: | Social engineering, rooted in the manipulation of human psychology, is a pervasive and ever-evolving threat to information security. This comprehensive examination seeks to educate and equip companies of all sizes with the knowledge and strategies necessary to defend against this multifaceted threat. Our journey commences with a foundational definition of social engineering and progresses into an exploration of the attack cycle and taxonomy for both attackers and attack vectors, before we analyze the different attack patterns themselves. As we progress, our research uncovers the psychological vulnerabilities and behavioral factors that render individuals susceptible to these attacks. It also delves into the complex realm of demographics, offering insights into the contradictions found in existing research within this field. Defending against social engineering requires a multifaceted approach. Our work emphasizes the pivotal role of robust security policies, the utility of serious games in security education and goal elicitation, and the development of effective training methods that foster security-conscious behaviors. Ethical implications are considered throughout our examination, encompassing the need for ethical demographics research aimed at preventing discrimination and the ethical conduct of penetration tests to safeguard employee rights and dignity. Furthermore, we highlight the significance of disaster recovery strategies as a critical component of defense, mitigating the potential fallout of social engineering attacks. Our research concludes with the presentation of tailored best practices for organizations committed to securing their environments against the backdrop of social engineering threats. In summary, we acknowledge that social engineering remains a dynamic challenge.
This exploration underscores the significance of interdisciplinary, holistic tactics that encompass education, policy implementation, advanced technology, and ethical considerations. Collectively, these elements bolster organizational defenses, safeguarding the most valuable assets—both people and data. Our research emphasizes the need for continuous adaptation and underscores the importance of effective security training and awareness programs for employees in confronting the ever-shifting landscape of social engineering threats. |
||||
Uncontrolled Keywords: | Social Engineering, IT Security, Serious Games, Influencing People, Interdisciplinarity in IT, Security Policies, Ethics | ||||
Status: | Publisher's Version | ||||
URN: | urn:nbn:de:tuda-tuprints-264588 | ||||
Classification DDC: | 000 Generalities, computers, information > 004 Computer science | ||||
Divisions: | 20 Department of Computer Science > Didactics of Informatic | ||||
Date Deposited: | 22 Dec 2023 13:04 | ||||
Last Modified: | 03 Jan 2024 10:52 | ||||
URI: | https://tuprints.ulb.tu-darmstadt.de/id/eprint/26458 | ||||
PPN: | 51428420X | ||||