We propose two methodologies for physical penetration testing using social engineering to address the correct enforcement of low-level policies. Both methodologies are designed to reduce the impact of the test on the employees and on the personal relations between the employees.
The methodologies result in a more ethical assessment of the implementation of security mechanisms in the physical and social domain. We provide an assessment of the commonly used security mechanisms in reducing laptop theft.
We evaluate the effectiveness of existing physical and social security mechanisms for protecting laptops based on (1) logs from security guards regarding laptop thefts that occurred in a period of two years in two universities in the Netherlands, and (2) the results from more than 30 simulated thefts using the methodologies in contribution 3. The results of the assessment can aid in reducing laptop theft in organizations.
We propose a practical assignment of an information security master course where students get practical insight into attacks that use physical, digital and social means. The assignment is based on the penetration testing methodologies from contribution 3.
The goal of the assignment is to give a broad overview of security to the students and to increase their interest in the field. Besides educational purposes, the assignment can be used to increase the security awareness of the employees and provide material for future security awareness trainings.
Using these contributions, security professionals can better assess and improve the security landscape of an organization. Abstract: To address information security threats, an organization defines security policies that state how to deal with sensitive information.
Enschede: University of Twente. Dimkov, T.
An expert panel of users evaluated the survey. UCL Discovery. Information security awareness: Improving current research and practice.
STUDY ON INFORMATION SECURITY AWARENESS AMONG STAFFS. MALIHE MOTIEI. A dissertation submitted in partial fulfillment of the requirements for the. This thesis defined three research questions in order to build a successful information security awareness programme for NLI: 1) What should the curriculum.
Abstract: Large-scale data losses experienced across both public and private sector organisations have led to expectations that organisations will develop a culture that supports information security aims and objectives.