Social Engineering Framework: Understanding the Deception Approach to Human Element of Security
Social engineering has become a serious phenomenon in the history of information security worldwide. Although this approach is widely used by criminals to exploit the human aspect as the weakest link in security, there are not many studies focusing on this issue. Failing to understand the nature of social engineering will increase the security risk posture of the organisation. In spite of the fact that most social engineering attacks seem to be unstructured and diverse in nature, the results of this research show that there exist common patterns that can be mapped and organised in a logical and structured way. This study aims to develop and propose a framework to help security practitioners gain a better and more holistic understanding of the nature and characteristics of such human-based attacks. By understanding the detailed characteristics of social engineering, effective countermeasures can be designed and developed. This concept shall be used by the management of an organisation or institution in developing its security mitigation strategy.
Keywords: Social Engineering, Security, Deception, Attack, Human Element
ABOUT THE AUTHOR
Richardus Eko Indrajit
Richardus Eko Indrajit is a professor of information systems at ABFI Institute Perbanas, Indonesia. He graduated with a Bachelor of Engineering from Sepuluh Nopember Institute of Technology, Surabaya, Indonesia. He holds a Master of Computer Science degree from Harvard University, USA, and a Doctor of Business Administration from Pamantasan ng Lungsod ng Maynila, the Philippines. He presently chairs the Association of Global IT Architect (IASA) – Indonesian Chapter and acts as Strategic Advisor of the Cyber Operation Center, Ministry of Defense, Republic of Indonesia.