Abstract
We explore ICT security in a socio-technical world and focus in particular on the susceptibility to social engineering attacks. We pursue the question of whether and how personality traits influence this susceptibility. This allows us to research human factors and their potential impact on the physical and digital security domains. We show how Cialdini's principles of influence can be used to explain why most social engineering attacks succeed and that these attacks mainly rely on peripheral route persuasion.
A comprehensive literature review reveals that individual values of a victim's personality traits relate to social engineering susceptibility. Furthermore, we construct suggestions for plausible relations between personality traits of the Five-Factor Model (Big 5) and the principles of influence.
Based on these arguments, we propose our "Social Engineering Personality Framework" (SEPF). It supports and guides security researchers in developing holistic detection, mitigation, and prevention strategies while dealing with human factors.
Original language | English |
---|---|
Title of host publication | 2014 Workshop on Socio-Technical Aspects in Security and Trust (STAST) |
Place of Publication | Piscataway, NJ, USA |
Publisher | IEEE |
Pages | 24-30 |
Number of pages | 7 |
ISBN (Print) | 978-1-4799-7901-1 |
DOIs | |
Publication status | Published - Jul 2014 |
Event | 4th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2014 - Vienna, Austria. Duration: 18 Jul 2014 → 18 Jul 2014. Conference number: 4. http://stast2014.uni.lu/ |
Workshop
Workshop | 4th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2014 |
---|---|
Abbreviated title | STAST |
Country/Territory | Austria |
City | Vienna |
Period | 18/07/14 → 18/07/14 |
Internet address |
Keywords
- EC Grant Agreement nr.: FP7/318003
- METIS-306054
- IR-101939
- EWI-25128
- EC Grant Agreement nr.: FP7/2007-2013