Social Engineering Penetration Testing in Higher Education Institutions

Marusenko, R. and Sokolov, V. Y. and Skladannyi, Pavlo (2023) Social Engineering Penetration Testing in Higher Education Institutions In: Lecture Notes on Data Engineering and Communications Technologies. Springer, pp. 1132-1147.

[thumbnail of Marusenko_R_Sokolov_V_Skladannyi_P_LNDECT_181.pdf] Text
Marusenko_R_Sokolov_V_Skladannyi_P_LNDECT_181.pdf - Published Version

Download (60kB)


Social engineering penetration testing is a complex but necessary tool to test the security of information systems. Such testing requires balancing the organization’s benefit and the comfort of an information system user. Penetration testing poses complex ethical concerns affecting people who do not expect it. At the same time, penetration testing is effective only when it mimics the real situation as much as possible, i. e. it is unexpected. The article’s authors describe the methodology of social engineering penetration testing of the educational institution information system; substantiate the design of the experiment, which allows for balancing the ethical precautions and the effectiveness of testing. The authors formulate a set of markers that they use to reduce the negative impact of the attack on users of the information system and to help users to identify the true nature of the attack. The experiment conducted by the authors shows the advance of a phishing attack aimed at a large number of system users and its effectiveness. The authors also reveal the challenges such an attack poses to the information system staff, who have to respond to such influence effectively and on time. The experiment shows that half of the responses were received in the first 40 min after mailing. Concluding the research authors analyze the suggested design of social engineering penetration testing experiment, ways to respond to real attacks of this kind, as well as to raise respondents’ awareness. The directions for possible future research are outlined. The value of this research is in the object—students of a higher educational institution who constantly work with information. The neglect of personal information indicates the need to introduce information hygiene courses from the very first courses.

Item Type: Book Section
Additional Information: DOI: 10.1007/978-3-031-36118-0_96 EID: 2-s2.0-85169039263
Uncontrolled Keywords: High school; Higher education institution; Penetration testing; Phishing; Sensitive information; Social engineering;
Subjects: Це архівна тематика Київського університету імені Бориса Грінченка > Статті у наукометричних базах > Scopus
Divisions: Це архівні підрозділи Київського університету імені Бориса Грінченка > Факультет інформаційних технологій та математики > Кафедра інформаційної та кібернетичної безпеки імені професора Володимира Бурячка
Depositing User: Volodymyr Sokolov
Date Deposited: 04 Sep 2023 10:06
Last Modified: 04 Sep 2023 10:06

Actions (login required)

View Item View Item