ANWESH: International Journal of Management & Information Technology

Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

A Study of Social Engineering Based Attacks in Kathmandu University to Propose a Conceptual Framework


Affiliations
1 Department of Computer Science and Engineering, School of Engineering, Kathmandu University, Dhulikhel, Kavre, Nepal
     

   Subscribe/Renew Journal


Social engineering is a major issue affecting organizational security throughout the world. Educating the employees of every organization about social engineering attacks and the negative effects it brings to their organization is a very important step to be taken by every organization but is overlooked most of the times. The objective of this research is to evaluate the current awareness level of staffs of Kathmandu University towards very common social engineering attacks and propose a conceptual framework for prevention of these attacks. A questionnaire was created and a survey was conducted accordingly within teaching and non-teaching staffs of Kathmandu University. Based on the 51 responses achieved, the paper proposes a conceptual framework for the university to adapt to their information system for a more secure environment.

Keywords

Awareness, Passwords, Phishing, Social Engineering, Vishing, Vulnerability.
User
Subscription Login to verify subscription
Notifications
Font Size

  • D. Allan, “We all have too many online accounts - and can’t remember the passwords,” July 23, 2015. Available http://www.itproportal.com/2015/07/23/we-all-have-too-many-online-accounts-%20and-cant-remember-the-passwords./

  • F. Amigorena, “Password sharing: How to stamp out a dangerous habit,” June 30, 2014. Available http://www.techradar.com/news/world-of-tech/management/password-sharing-how-to-stamp-out-a-dangerous-habit-1255348

  • A. Chitrey, D. Singh, and V. Singh, “A comprehensive study of social engineering based attacks in India to develop a conceptual model,” International Journal of Information & Network Security, pp. 45-53, 2012. Available https://core.ac.uk/download/pdf/9428698.pdf

  • O. Fink, “Vulnerability identification,” September 21, 2008. Available Hacking the Universe: http://www.hackingtheuniverse.com/infosec/nist-computer-security/risk-%20assessment/vulnerability-identification

  • R. Gulati, “The threat of social engineering and your defense against it,” 2003. Available https://www.sans.org/reading-room/whitepapers/engineering/threat-social-engineering-defense-1232

  • “How Password Sharing Destroys Companies,” July 21, 2013. Available Perfect Cloud: https://blog.perfect-cloud.io/how-password-sharing-destroys-companies/

  • M. Huber, S. Kowalski, M. Nohlberg, and S. Tjoa, “Towards automating social engineering using social networking sites,” Computational Science and Engineering, pp. 117-124. 2009. Available //www.sba-research.org/wp-content/uploads/publications/2009%20-%20Huber%20-%20Towards%20Automating%20Social%20Engineering%20Using%20Social%20Networking%20Sites.pdf

  • “Internet security threat report,” 2016. Available https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf

  • A. Kumar, and N. Kumar, “Social engineering: attack, prevention and framework,” 2016. International Journal for Research in Applied Science & Engineering Technology. Available http://www.ijraset.com/fileserve.php?FID=4026

  • J. Long, “No tech hacking: A guide to social engineering, dumpster diving and shoulder surfing,” Burlington: Syngress Publishing, 2008.

  • C. Peterson, “23 Social engineering attacks you need to shut down,” March 16, 2016. Available SmartFile: https://www.smartfile.com/blog/social-engineering-attacks/

  • Social engineering leads the top 10 list of most popular hacking methods-Balabit survey results from black hat USA and EU shows”. Available Balabit: https://www.balabit.com/news/press/social-engineering-leads-the-top-10-list-of-most-popular-hacking-methods-balabit-survey-results-from-black-hat-usa

  • S. Stahl, and K. A. Pease, “Seven Requirements for successfully implementing information security policies and standards: A guide for executives. Los Angeles: Citadel Information Group,” 2011. Available https://citadel-information.com/wp-content/uploads/2010/12/seven-requirements-for-successfully-implementing-information-security-policies-1108.pdf

  • Why You Should Use Different Passwords. Available Privacy and Information Security https://security.illinois.edu/content/why-you-should-use-different-passwords


Abstract Views: 515

PDF Views: 0




  • A Study of Social Engineering Based Attacks in Kathmandu University to Propose a Conceptual Framework

Abstract Views: 515  |  PDF Views: 0

Authors

Gajendra Sharma
Department of Computer Science and Engineering, School of Engineering, Kathmandu University, Dhulikhel, Kavre, Nepal
Roshan Manjushree Adhikari
Department of Computer Science and Engineering, School of Engineering, Kathmandu University, Dhulikhel, Kavre, Nepal

Abstract


Social engineering is a major issue affecting organizational security throughout the world. Educating the employees of every organization about social engineering attacks and the negative effects it brings to their organization is a very important step to be taken by every organization but is overlooked most of the times. The objective of this research is to evaluate the current awareness level of staffs of Kathmandu University towards very common social engineering attacks and propose a conceptual framework for prevention of these attacks. A questionnaire was created and a survey was conducted accordingly within teaching and non-teaching staffs of Kathmandu University. Based on the 51 responses achieved, the paper proposes a conceptual framework for the university to adapt to their information system for a more secure environment.

Keywords


Awareness, Passwords, Phishing, Social Engineering, Vishing, Vulnerability.

References