One of the most serious threats in the world today to the security of cyberspace is "social engineering" - the process by which people with access to critical information regarding information systems security are tricked or manipulated into surrendering such information to unauthorized persons, thereby allowing them access to otherwise secure systems. To date, little systematic research has been conducted on social engineering. This research will fill this void by examining who social engineers are, why they engage in social engineering, the processes they use to conceive of and implement social engineering projects, and how they view information privacy and security and justify their behavior. Further, to understand how organizations affected by social engineering cope with the threat it poses, this research also examines the perspectives on social engineering of IT professionals who oversee organizational computer systems and the security of potentially sensitive information. Through gaining a deeper and more accurate understanding of social engineering - a phenomenon currently shrouded in myth and misconception for many - this research will contribute to important advances in criminology and other fields with a vested interest in learning about the human dimensions of information security and inform the development of information security strategies.
This study uses a cross-sectional, non-experimental research design that employs both qualitative and quantitative data. The qualitative component involves semi-structured interviews of social engineers "in the wild," security auditors, and IT professionals. Open-ended interview questions will be used to elicit this data. In addition, these interviews will be used to gather quantitative data to measure demographic, computer use, and other social characteristics of social engineers. A set of structured survey questions will be administered by the interviewer as part of the interview process. To select a sample of subjects, a nonprobability, purposive, "snowball" sampling design is used, which is well-suited for studying "hidden" populations such as social engineers. To analyze the qualitative data, grounded theory techniques are used: data are transformed into concepts, which are then summarized into broader analytic categories, leading to the isolation of patterns in the data. Quantitative data will be analyzed through an assortment of univariate, bivariate, and multivariate techniques.