SBE: Small: Technological Con-Artistry: An Analysis of Social Engineering

SBE：小：技术反艺术：社会工程分析

• 批准号: 1616804
• 负责人: Kevin Steinmetz
• 金额: $ 35.04万
• 依托单位: Kansas State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-09-01 至 2020-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1616804&HistoricalAwards=false
• 关键词: SBE; Small; Technological; Con; Artistry

One of the most serious threats in the world today to the security of cyberspace is "social engineering" - the process by which people with access to critical information regarding information systems security are tricked or manipulated into surrendering such information to unauthorized persons, thereby allowing them access to otherwise secure systems. To date, little systematic research has been conducted on social engineering. This research will fill this void by examining who social engineers are, why they engage in social engineering, the processes they use to conceive of and implement social engineering projects, and how they view information privacy and security and justify their behavior. Further, to understand how organizations affected by social engineering cope with the threat it poses, this research also examines the perspectives on social engineering of IT professionals who oversee organizational computer systems and the security of potentially sensitive information. Through gaining a deeper and more accurate understanding of social engineering - a phenomenon currently shrouded in myth and misconception for many - this research will contribute to important advances in criminology and other fields with a vested interest in learning about the human dimensions of information security and inform the development of information security strategies. This study uses a cross-sectional, non-experimental research design that employs both qualitative and quantitative data. The qualitative component involves semi-structured interviews of social engineers "in the wild," security auditors, and IT professionals. Open-ended interview questions will be used to elicit this data. In addition, these interviews will be used to gather quantitative data to measure demographic, computer use, and other social characteristics of social engineers. A set of structured survey questions will be administered by the interviewer as part of the interview process. To select a sample of subjects, a nonprobability, purposive, "snowball" sampling design is used, which is well-suited for studying "hidden" populations such as social engineers. To analyze the qualitative data, grounded theory techniques are used which involve the transformation of data into concepts, which are then summarized into broader analytic categories, leading to the isolation of patterns in the data. Quantitative data will be analyzed through an assortment of univariate, bivariate, and multivariate techniques.

当今世界对网络空间安全的最严重威胁之一是“社会工程”----这是一个过程，通过这个过程，能够获得有关信息系统安全的关键信息的人被欺骗或操纵，将这些信息交给未经授权的人，从而使他们能够进入本来安全的系统。 迄今为止，很少有系统的研究已经进行了社会工程。 这项研究将通过研究谁是社会工程师，他们为什么从事社会工程，他们用来构思和实施社会工程项目的过程，以及他们如何看待信息隐私和安全并证明他们的行为来填补这一空白。 此外，为了了解受社会工程影响的组织如何科普它所构成的威胁，本研究还探讨了社会工程的IT专业人员谁监督组织的计算机系统和潜在的敏感信息的安全性的观点。通过获得更深入，更准确地了解社会工程-一个现象，目前笼罩在神话和误解的许多-这项研究将有助于在犯罪学和其他领域的重要进展，在了解信息安全的人的层面的既得利益，并告知信息安全战略的发展。本研究采用了一个横断面的，非实验性的研究设计，采用定性和定量数据。定性部分包括对“野生”社会工程师、安全审计员和IT专业人员的半结构化访谈。将使用开放式访谈问题来获取这些数据。此外，这些访谈将被用来收集定量数据，以衡量人口统计，计算机使用和社会工程师的其他社会特征。作为面试过程的一部分，面试官将提出一套结构化的调查问题。 为了选择一个样本的主题，非概率，有目的的，“雪球”抽样设计，这是非常适合研究“隐藏”的人口，如社会工程师。为了分析定性数据，使用了扎根理论技术，该技术涉及将数据转换为概念，然后将其总结为更广泛的分析类别，从而隔离数据中的模式。定量数据将通过一元、二元和多元技术进行分析。

项目成果

Decrypting Social Engineering: An Analysis of Conceptual Ambiguity

解密社会工程：概念歧义分析

• DOI: 10.1007/s10612-019-09461-9
• 发表时间: 2020
• 期刊: Critical Criminology
• 影响因子: 1.8
• 作者: Steinmetz, Kevin F.;Pimentel, Alexandra;Goe, W. Richard
• 通讯作者: Goe, W. Richard

The Identification of a Model Victim for Social Engineering: A Qualitative Analysis

社会工程模型受害者的识别：定性分析

• DOI: 10.1080/15564886.2020.1818658
• 发表时间: 2021
• 期刊: Victims & Offenders
• 影响因子: 2.2
• 作者: Steinmetz, Kevin F.