Social engineering in information assurance curricula
Source Information security curriculum development archive
Proceedings of the 3rd annual conference on Information security curriculum development table of contents
Kennesaw, Georgia
SESSION: Pedagogy table of contents
Pages: 191 - 193  
Year of Publication: 2006
ISBN:1-59593-437-5
Author
Douglas P. Twitchell  Illinois State University, Normal, IL
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 13,   Downloads (12 Months): 194,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1231047.1231062

ABSTRACT

With the increasing use of security technology, technical attacks should become more difficult, leading attackers to employ social engineering as a means of obtaining unauthorized access to information. Therefore, social engineering is a potentially dangerous threat to information security. Fortunately, a number of countermeasures have been proposed to defend against it. These countermeasures include implementing policy, providing end-user and key personnel education, and performing security audits. However, most current prominent information assurance curricula do not directly address social engineering and only indirectly address the countermeasures. Amending these curricula to include social engineering as a topic may help students be better prepared for encountering social engineering threats.


