ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Social engineering: the "Dark Art"
Full text PdfPdf (68 KB)
Source Information security curriculum development archive
Proceedings of the 1st annual conference on Information security curriculum development table of contents
Kennesaw, Georgia
SESSION: Student papers table of contents
Pages: 133 - 135  
Year of Publication: 2004
ISBN:1-59593-048-5
Author
Tim Thornburgh  Kennesaw State University, Kennesaw, GA
Sponsor
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): n/a,   Downloads (12 Months): n/a,   Citation Count: 1
Additional Information:

abstract   references   cited by   index terms   reviews  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1059524.1059554
What is a DOI?

ABSTRACT

The key to maintaining the confidentiality, integrity, and availability of an organizations information and information systems is controlling who accesses what information. This is accomplished by being able to identify the requestor, verifying the requestor is not an impostor, and ensuring that the requestor has the proper level of clearance to access a given resource. There have always been those that attempt to by-pass this security mechanism through brute force or guile. In the past, those who use guile have been called confidence men and con artists. Today, these people are called social engineers, but the tactics remain the same even if the objectives have changed.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Kevin D. Mitnick , William L. Simon , William Simon, The Art of Deception: Controlling the Human Element of Security, John Wiley & Sons, Inc., New York, NY, 2002
 
2
Kevin D. Mitnick , William L. Simon , William Simon, The Art of Deception: Controlling the Human Element of Security, John Wiley & Sons, Inc., New York, NY, 2002
 
3
Erianger, L. (2004) The weakest link. PC Magazine, 23, 58--59. Retrieved June 13, 2004 from EBSCOhost database.
 
4
Granger, S. (2001, December 18) Social engineering fundamentals, part I: Hacker tactics. Retrieved June 15, 2004 from <u>http://www.securityfocus.com/infocus/1527</u>
 
5
Manske, K. (November 2000) An introduction to social engineering. Information Systems Security 9, 53--59. Retrieved June 7, 2004 from GALILEO: Computer Source database.
 
6
Rusch, J. (1999, June 24) The "social engineering" of Internet fraud. Paper presented at the 1999 Internet Society's INET'99 conference. Retrieved June 6, 2004 from <u>http://www.isoc.org/isoc/conferences/inet/99/proceedings/3g/3g_2.htm</u>
 
7
Rusch, J. (1999, June 24) The "social engineering" of Internet fraud. Paper presented at the 1999 Internet Society's INET'99 conference. Retrieved June 6, 2004 from <u>http://www.isoc.org/isoc/conferences/inet/99/proceedings/3g/3g_2.htm</u>
 
8
Kevin D. Mitnick , William L. Simon , William Simon, The Art of Deception: Controlling the Human Element of Security, John Wiley & Sons, Inc., New York, NY, 2002
 
9
Manske, K. (November 2000) An introduction to social engineering. Information Systems Security 9, 53--59. Retrieved June 7, 2004 from GALILEO: Computer Source database.
 
10
Kevin D. Mitnick , William L. Simon , William Simon, The Art of Deception: Controlling the Human Element of Security, John Wiley & Sons, Inc., New York, NY, 2002
 
11
Michael E. Whitman , Herbert J. Mattord, Management of Information Security, Course Technology Press, 2004

CITED BY
Douglas P. Twitchell, Social engineering in information assurance curricula, Proceedings of the 3rd annual conference on Information security curriculum development, September 22-23, 2006, Kennesaw, Georgia

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General
          Subjects: Security and protection (e.g., firewalls)

Additional Classification:
  K. Computing Milieux
  K.4 COMPUTERS AND SOCIETY
      K.4.1 Public Policy Issues
      K.4.2 Social Issues
      K.4.4 Electronic Commerce
          Subjects: Security
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)


Keywords:
information assurance, information security, social engineering


REVIEWS

"Andre C. M. Marien : Reviewer"

This three-page paper summarizes the essentials of social engineering. A social engineer (SE) targets people, not technology, to access privileged data. This is now a hot topic; phishing is a fully electronic version of social engineering, where p  more...


"Barrett Hazeltine : Reviewer"

Social engineering is "a social/psychological process by which an individual can gain information from an individual about a targeted organization." An example is a phone call: "Hi, this is Chuck from network support... We need to know your login   more...


The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player