Executing Effective Social Engineering Penetration Tests: A Qualitative Analysis.

Author: Steinmetz, Kevin F.
Subject:
Source: Journal of Applied Security Research; Apr-Jun 2023, Vol. 18 Issue 2, p246-266, 21p
Abstract: Penetration testing is an increasingly common strategy adopted by organizations to mitigate security risks including those posed by social engineering—the deception of individuals for the purposes of circumventing information security measures. Drawing from 54 interviews with security auditors, IT professionals, and social engineers, this study explores participant descriptions of the (1) importance of social engineering penetration tests, (2) measurement of assessment outcomes, (3) use of penetration tests as part of security awareness programs, and (4) attitude social engineers should adopt in working with client organizations and their employees. Implications for security research and penetration testing are considered. [ABSTRACT FROM AUTHOR]
Database: Complementary Index