Ask and you shall know: using interviews and the SBC model for social-engineering penetration testing
2008 (English)In: Proceedings of the 1st International Multi-Conference on Engineering and Technological Innovation; IMETI 2008: Volume I / [ed] Chu Hsing-Wei, Estrems Manuel, Ferrer José, Franco Patricio, Savoie Michael, Orlando: International Institute of Informatics and Systemics, 2008, 121-128 p.Conference paper (Refereed)
This paper presents the result of a case study where the SBC model was used as a foundation to perform semi-structured interviews to test the security in a medical establishment. The answers were analyzed and presented in an uncomplicated graph. The purpose was to study the feasibility of letting the users participate, instead of exploiting their weaknesses. It was found that the approach of interviewing the subjects rendered interesting, and relevant, results, making it an approach that should be studied further due to its apparent gains: less ethically troublesome penetration testing, increased awareness, improved coverage and novel information as added bonuses.
Place, publisher, year, edition, pages
Orlando: International Institute of Informatics and Systemics, 2008. 121-128 p.
Social Engineering, SBC model, Penetration Tests
IdentifiersURN: urn:nbn:se:his:diva-7223ISI: 000263828900024ISBN: 978-1-934272-43-5OAI: oai:DiVA.org:his-7223DiVA: diva2:605258
International Multi-Conference on Engineering and Technological Innovation, Orlando, FL, June 29-July 02, 2008