Kowalski, Stewart
Publications (8 of 8)
Kävrestad, J., Åhlfeldt, R.-M., Nohlberg, M., Johani, K. & Kowalski, S. (2019). Spiraling out in control: A Video Cartesian Dialectic on a Socio-technical Approach to Teaching Privacy, Information- and Cyber Security (PICS). In: Stewart Kowalski, Peter Bednar, Alexander Nolte, Ilia Bider (Ed.), Socio-Technical Perspective in IS Development 2019: Proceedings of the 5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019). Paper presented at 5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019), Stockholm, Sweden, June 10, 2019 (pp. 153-155). CEUR-WS, 2398
2019 (English). In: Socio-Technical Perspective in IS Development 2019: Proceedings of the 5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019) / [ed] Stewart Kowalski, Peter Bednar, Alexander Nolte, Ilia Bider, CEUR-WS, 2019, Vol. 2398, p. 153-155. Conference paper, Poster (with or without abstract) (Refereed)
Place, publisher, year, edition, pages
CEUR-WS, 2019
Series
CEUR Workshop Proceedings, E-ISSN 1613-0073 ; 2398
Keywords
education, spiral learning, curriculum, information security
National Category
Other Computer and Information Science
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-17453 (URN); 2-s2.0-85069459247 (Scopus ID)
Conference
5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019), Stockholm, Sweden, June 10, 2019
Available from: 2019-07-18. Created: 2019-07-18. Last updated: 2019-09-09. Bibliographically approved
Nohlberg, M., Wangler, B. & Kowalski, S. (2011). A Conceptual Model of Social Engineering. Journal of Information System Security, 7(2), 3-13
2011 (English). In: Journal of Information System Security, ISSN 1551-0123, E-ISSN 1551-0808, Vol. 7, no 2, p. 3-13. Article in journal (Refereed). Published
Abstract [en]

Social engineering is a term used for techniques to trick, or con, users into giving out information to someone that should not have it. In this paper we discuss and model various notions related to social engineering. By using a broad, cross disciplinary approach, we present a conceptual model of the different kinds of social engineering attacks, and their preparation, the victim and the perpetrator, as well as the cultural aspects. By using this approach a better general understanding of social engineering can be reached. The model is also a good tool for teaching about and protecting against social engineering attacks.

Place, publisher, year, edition, pages
Washington DC: Information Institute Publishing, 2011
Keywords
Social Engineering, Information Security, Conceptual Model, Phishing
Identifiers
urn:nbn:se:his:diva-7225 (URN)
Available from: 2013-02-13. Created: 2013-02-13. Last updated: 2019-08-22. Bibliographically approved
Nohlberg, M., Wangler, B. & Kowalski, S. (2010). A Conceptual Model of Social Engineering. Paper presented at 9th Annual Security Conference Discourses in Security, Assurance and Privacy April 7-8, 2010, Las Vegas.
2010 (English). Conference paper, Published paper (Refereed)
Identifiers
urn:nbn:se:his:diva-7386 (URN)
Conference
9th Annual Security Conference Discourses in Security, Assurance and Privacy April 7-8, 2010, Las Vegas
Available from: 2013-03-06. Created: 2013-03-06. Last updated: 2019-08-23. Bibliographically approved
Huber, M., Kowalski, S., Nohlberg, M. & Tjoa, S. (2009). Towards Automating Social Engineering Using Social Networking Sites. In: 2009 International Conference on Computational Science and Engineering. Paper presented at 2009 International Conference on Computational Science and Engineering (pp. 117-124). IEEE Computer Society
2009 (English). In: 2009 International Conference on Computational Science and Engineering, IEEE Computer Society, 2009, p. 117-124. Conference paper, Published paper (Refereed)
Abstract [en]

A growing number of people use social networking sites to foster social relationships among each other. While the advantages of the provided services are obvious, drawbacks on a user's privacy and arising implications are often neglected. In this paper we introduce a novel attack called automated social engineering which illustrates how social networking sites can be used for social engineering. Our approach takes classical social engineering one step further by automating tasks which formerly were very time-intensive. In order to evaluate our proposed attack cycle and our prototypical implementation (ASE bot), we conducted two experiments. Within the first experiment we examine the information gathering capabilities of our bot. The second evaluation of our prototype performs a Turing test. The promising results of the evaluation highlight the possibility to efficiently and effectively perform social engineering attacks by applying automated social engineering bots.

Place, publisher, year, edition, pages
IEEE Computer Society, 2009
Keywords
security, social engineering, social networking sites, automated social engineering, deception
National Category
Computer and Information Sciences
Research subject
Technology
Identifiers
urn:nbn:se:his:diva-3415 (URN); 10.1109/CSE.2009.205 (DOI); 2-s2.0-70849122971 (Scopus ID); 978-0-7695-3823-5 (ISBN)
Conference
2009 International Conference on Computational Science and Engineering
Available from: 2009-10-09. Created: 2009-10-09. Last updated: 2019-08-22. Bibliographically approved
Nohlberg, M., Kowalski, S. & Karlsson, K. (2008). Ask and you shall know: using interviews and the SBC model for social-engineering penetration testing. In: Chu Hsing-Wei, Estrems Manuel, Ferrer José, Franco Patricio, Savoie Michael (Ed.), Proceedings of the 1st International Multi-Conference on Engineering and Technological Innovation; IMETI 2008: Volume I. Paper presented at International Multi-Conference on Engineering and Technological Innovation, Orlando, FL, June 29-July 02, 2008 (pp. 121-128). Orlando: International Institute of Informatics and Systemics
2008 (English). In: Proceedings of the 1st International Multi-Conference on Engineering and Technological Innovation; IMETI 2008: Volume I / [ed] Chu Hsing-Wei, Estrems Manuel, Ferrer José, Franco Patricio, Savoie Michael, Orlando: International Institute of Informatics and Systemics, 2008, p. 121-128. Conference paper, Published paper (Refereed)
Abstract [en]

This paper presents the result of a case study where the SBC model was used as a foundation to perform semi-structured interviews to test the security in a medical establishment. The answers were analyzed and presented in an uncomplicated graph. The purpose was to study the feasibility of letting the users participate, instead of exploiting their weaknesses. It was found that the approach of interviewing the subjects rendered interesting, and relevant, results, making it an approach that should be studied further due to its apparent gains: less ethically troublesome penetration testing, increased awareness, improved coverage and novel information as added bonuses.

Place, publisher, year, edition, pages
Orlando: International Institute of Informatics and Systemics, 2008
Keywords
Social Engineering, SBC model, Penetration Tests
Identifiers
urn:nbn:se:his:diva-7223 (URN); 000263828900024 (); 2-s2.0-84893195083 (Scopus ID); 978-1-934272-43-5 (ISBN); 1-934272-43-4 (ISBN)
Conference
International Multi-Conference on Engineering and Technological Innovation, Orlando, FL, June 29-July 02, 2008
Available from: 2013-02-13. Created: 2013-02-13. Last updated: 2019-08-23. Bibliographically approved
Nohlberg, M., Kowalski, S. & Huber, M. (2008). Measuring Readiness for Automated Social Engineering. In: Proceedings of the 7th Annual Security Conference, Las Vegas, USA, June 2-3, 2008 [CD-ROM]. Paper presented at 7th Annual Security Conference, Las Vegas, USA, June 2-3, 2008 (pp. 20.1-20.13).
2008 (English). In: Proceedings of the 7th Annual Security Conference, Las Vegas, USA, June 2-3, 2008 [CD-ROM], 2008, p. 20.1-20.13. Conference paper, Published paper (Refereed)
Abstract [en]

This paper presents the result of a case study of the readiness of four large Swedish multinational corporations to deal with automated social engineering attacks. A preliminary study to review how the security policy of a large corporation deals with social engineering attacks was performed. The results from this study were combined with a conceptual model of social engineering when constructing a new interview protocol and a grading scale. This interview protocol was designed to measure the readiness of an organization to deal with social engineering attacks in general, and in this case with automated social engineering in particular. Four interviews were conducted with senior security managers and senior employees. Results indicate that no organization was over 60% on the readiness scale and thus all are considered at risk of attack.

Keywords
Automated social engineering, social engineering, readiness, security readiness measurements, web 2.0 security, cycle of deception, online social networks
Research subject
Technology
Identifiers
urn:nbn:se:his:diva-3623 (URN); 978-1-935160-01-4 (ISBN)
Conference
7th Annual Security Conference, Las Vegas, USA, June 2-3, 2008
Available from: 2010-02-01. Created: 2010-02-01. Last updated: 2019-08-22. Bibliographically approved
Nohlberg, M., Kowalski, S. & Karlsson, K. (2008). Non-Invasive Social Engineering Penetration Testing in a Medical Environment. In: Proceedings of the 7th Annual Security Conference [CD-ROM]. Paper presented at 7th Annual Security Conference, Las Vegas, USA, June 2-3, 2008 (pp. 22.1-22.13).
2008 (English). In: Proceedings of the 7th Annual Security Conference [CD-ROM], 2008, p. 22.1-22.13. Conference paper, Published paper (Refereed)
Abstract [en]

This paper proposes a soft approach for social engineering penetration testing. By using the SBC model as a foundation, questions related to the social element of security were asked in semi-structured interviews to a group of subjects. The answers were analyzed and presented in an uncomplicated graph. The purpose was to study the feasibility of letting the users participate, instead of exploiting their weaknesses. It was found that the approach of interviewing the subjects rendered interesting, and relevant, results, making it an approach that should be studied further due to its apparent gains: less ethically troublesome penetration testing, increased awareness, improved coverage and novel information as added bonuses.

Keywords
Social Engineering, SBC model, Penetration Tests
Research subject
Technology
Identifiers
urn:nbn:se:his:diva-3624 (URN); 978-1-935160-01-4 (ISBN)
Conference
7th Annual Security Conference, Las Vegas, USA, June 2-3, 2008
Available from: 2010-02-01. Created: 2010-02-01. Last updated: 2019-08-23. Bibliographically approved
Nohlberg, M. & Kowalski, S. (2008). The cycle of deception: a model of social engineering attacks, defenses and victims. In: Nathan Clarke, Steven Furnell (Ed.), Proceedings of the Second International Symposium on Human Aspects of Information Security and Assurance (HAISA 2008). Paper presented at Second International Symposium on Human Aspects of Information Security and Assurance (HAISA 2008), Plymouth, UK, 8-9 July 2008 (pp. 1-11). University of Plymouth
2008 (English). In: Proceedings of the Second International Symposium on Human Aspects of Information Security and Assurance (HAISA 2008) / [ed] Nathan Clarke, Steven Furnell, University of Plymouth, 2008, p. 1-11. Conference paper, Published paper (Refereed)
Abstract [en]

In this paper we propose a model for describing deceptive crimes in general and social engineering in particular. Our research approach was naïve inductivist and the methods used were literature study and interviews with the lead investigator in a grooming case, as we see many similarities between the techniques used in grooming, and those used in social engineering. From this we create cycles describing attacker, defender, and the victim and merge them into a model describing the cycle of deception. The model is then extended into a possible deception sphere. The resulting models can be used to educate about social engineering, to create automated social engineering attacks, to facilitate better incident reporting, and to understand the impact and economical aspects of defenses.

Place, publisher, year, edition, pages
University of Plymouth, 2008
Keywords
Social engineering, fraud, deception, security models, computer crime
Research subject
Technology
Identifiers
urn:nbn:se:his:diva-3622 (URN); 978-1-84102-189-8 (ISBN)
Conference
Second International Symposium on Human Aspects of Information Security and Assurance (HAISA 2008), Plymouth, UK, 8-9 July 2008
Available from: 2010-02-01. Created: 2010-02-01. Last updated: 2019-08-22. Bibliographically approved