Establishing the Human Firewall: Reducing an Individual's Vulnerability to Social Engineering Attacks
Date of Award
Master of Science
Department of Electrical and Computer Engineering
Robert F. Mills, PhD
Hackers frequently use social engineering attacks to gain a foothold into a target network. This type of attack is a tremendous challenge to defend against, as the weakness lies in the human users, not in the technology. Thus far, methods for dealing with this threat have included establishing better security policies and educating users on the threat that exists. Existing techniques aren’t working, as evidenced by the fact that auditing agencies consider it a given that they will be able to gain access via social engineering. The purpose of this research is to propose a better method of reducing an individual’s vulnerability to social engineering attacks. The first part of the research formally establishes the connection between social engineering attacks and what social psychologists call “illegitimate persuasion,” using content analysis to show that both target the same common psychological triggers. This comparison is done by comparing specific examples in different mediums. Once this connection is established, this research also proposes how to apply specific techniques that have been shown to be effective in increasing an individual’s resistance to persuasion. Specifically, it uses techniques that have been shown to be effective in bolstering an individual’s resistance to illegitimate persuasion. The research culminates in the proposal of a template for a training program using these new techniques that can be incorporated into existing training classes and that should significantly reduce an individual’s vulnerability to social engineering attacks.
DTIC Accession Number
Scheeres, Jamison W., "Establishing the Human Firewall: Reducing an Individual's Vulnerability to Social Engineering Attacks" (2008). Theses and Dissertations. 2790.