The Neglected Human Factor for Information Security Management
نویسنده
چکیده
Effective information systems security management combines technological measures and managerial efforts. Although various technical means have been employed to cope with security threats, human factors have been comparatively neglected. This article examines human factors that can lead to social engineering intrusions. Social engineering is a technique used by malicious attackers to gain access to desired information by exploiting the flaws in human logic known as cognitive biases. Social engineering is a potential threat to information security and should be considered equally important to its technological counterparts. This article unveils various social engineering attacks and their leading human factors, and discusses several ways to defend against social engineering: education, training, procedure, and policy. The authors further introduce possible countermeasures for social engineering attacks. Future analysis is also presented.
منابع مشابه
Examine the components of organizational agility to design a framework for achieving agility in social security organization
Background and purpose: The purpose of the study was to examine the dimensions and components of organizational agility to design a framework. Materials and methods: The methodology is descriptive. The statistical society was selected from employees in the Social Security organization of Bojnourd (N=148). The samples were 132 staff that return the questionaries. The data collected by a researc...
متن کاملامنیت اطلاعات سامانه های تحت وب نهاد کتابخانه های عمومی کشور
Purpose: This paper aims to evaluate the security of web-based information systems of Iran Public Libraries Foundation (IPLF). Methodology: Survey method was used as a method for implementation. The tool for data collection was a questionnaire, based on the standard ISO/IEC 27002, that has the eleven indicators and 79 sub-criteria, which examines security of web-based information systems of IP...
متن کاملPROVIDE A MODEL FOR IDENTIFYING AND RANKING THE MANAGERIAL FACTORS AFFECTING INFORMATION SECURITY IN ORGANIZATION BY USING VIKOR METHOD; CASE STUDY: TEHRAN UNIVERSITY OF MEDICAL SCIENCES
<span style="color: #000000; font-family: Tahoma, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: -webkit-left; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; ba...
متن کاملPROVIDE A MODEL FOR IDENTIFYING AND RANKING THE MANAGERIAL FACTORS AFFECTING INFORMATION SECURITY IN ORGANIZATION BY USING VIKOR METHOD; CASE STUDY: TEHRAN UNIVERSITY OF MEDICAL SCIENCES
<span style="color: #000000; font-family: Tahoma, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: -webkit-left; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; ba...
متن کاملInformation Security Requirements for Implementing Electronic Health Records in Iran
Background and Goal: ICT development in recent years has created excellent developments in human social and economic life. One of the most important opportunities to use information technology is in the medical field, that the result would be electronic health record (EHR).The purpose of this research is to investigate the effects information securi...
متن کامل