Development of Methodical Social Engineering Taxonomy Project

Abstract : Since security is based on trust in authenticity as well as trust in protection, the weakest link in the security chain is often between the keyboard and chair. We have a natural human willingness to accept someone at his or her word. Attacking computer systems via information gained from social interactions is a form of social engineering. Attackers know how much easier it is to trick insiders instead of targeting the complex technological protections of systems. In an effort to formalize social engineering, we are building two models: Trust and Attack. Because social-engineering attacks are complex and typically require multiple visits and targets, these two models can be applied, individually or together, at various times to each individual attack goal.