Social Engineering Penetration Testing in Higher Education Institutions

Marusenko, R. та Sokolov, V. Y. та Skladannyi, Pavlo (2023) Social Engineering Penetration Testing in Higher Education Institutions In: Lecture Notes on Data Engineering and Communications Technologies. Springer, с. 1132-1147.

Текст Marusenko_R_Sokolov_V_Skladannyi_P_LNDECT_181.pdf - Опублікована версія Download (60kB)

Анотація

Social engineering penetration testing is a complex but necessary tool to test the security of information systems. Such testing requires balancing the organization’s benefit and the comfort of an information system user. Penetration testing poses complex ethical concerns affecting people who do not expect it. At the same time, penetration testing is effective only when it mimics the real situation as much as possible, i. e. it is unexpected. The article’s authors describe the methodology of social engineering penetration testing of the educational institution information system; substantiate the design of the experiment, which allows for balancing the ethical precautions and the effectiveness of testing. The authors formulate a set of markers that they use to reduce the negative impact of the attack on users of the information system and to help users to identify the true nature of the attack. The experiment conducted by the authors shows the advance of a phishing attack aimed at a large number of system users and its effectiveness. The authors also reveal the challenges such an attack poses to the information system staff, who have to respond to such influence effectively and on time. The experiment shows that half of the responses were received in the first 40 min after mailing. Concluding the research authors analyze the suggested design of social engineering penetration testing experiment, ways to respond to real attacks of this kind, as well as to raise respondents’ awareness. The directions for possible future research are outlined. The value of this research is in the object—students of a higher educational institution who constantly work with information. The neglect of personal information indicates the need to introduce information hygiene courses from the very first courses.

Тип елементу :	Розділ підручника/навчального посібника
Додаткова інформація:	DOI: 10.1007/978-3-031-36118-0_96 EID: 2-s2.0-85169039263
Ключові слова:	High school; Higher education institution; Penetration testing; Phishing; Sensitive information; Social engineering;
Типологія:	Це архівна тематика Київського університету імені Бориса Грінченка > Статті у наукометричних базах > Scopus
Підрозділи:	Це архівні підрозділи Київського університету імені Бориса Грінченка > Факультет інформаційних технологій та математики > Кафедра інформаційної та кібернетичної безпеки імені професора Володимира Бурячка
Користувач, що депонує:	Volodymyr Sokolov
Дата внесення:	04 Вер 2023 10:06
Останні зміни:	04 Вер 2023 10:06
URI:	https://elibrary.kubg.edu.ua/id/eprint/45924

Actions (login required)

Перегляд елементу