Change search
ReferencesLink to record
Permanent link

Direct link
Auditing the Human Factor as a Part of Setting up an Information Security Management System
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
2013 (English)Independent thesis Advanced level (professional degree), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

The human factor is the weakest link in all information systems regarding security but the users are not aware of the risks and the importance of following policies and routines to prevent a security breach. The most common attack vector starts by exploiting the human weakness and plant malware inside the organization. There is a need to nd a good way to audit the human factor to address this issue. Dierent penetration tests will be evaluated in this study; two phishing attacks and one in the form of a survey under a false pretext. The respondents are tricked into thinking that they are answering questions about customer service eciency while they are actually about information security and social engineering.

This thesis argues that it is very complicated to measure people's predisposition to fall for social engineering but the survey under a false pretext is an interesting method to use when auditing how vulnerable an organization is to social engineering. It is also good at increasing the security awareness and to be used as a soft-start for the information security management process. The author also argues that all humans can be deceived and trust is something that is crucial for the society to work. It is therefore perhaps more meaningful to audit the users compliance with security policies and not the human behavior.

Place, publisher, year, edition, pages
2013. , 30 p.
EES Examensarbete / Master Thesis, XR-EE_ICS 2013:001
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
URN: urn:nbn:se:kth:diva-119528OAI: diva2:611457
Educational program
Master of Science in Engineering - Electrical Engineering
Available from: 2013-03-18 Created: 2013-03-15 Last updated: 2013-06-10Bibliographically approved

Open Access in DiVA

fulltext(332 kB)1894 downloads
File information
File name FULLTEXT01.pdfFile size 332 kBChecksum SHA-512
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Svensson, Gustav
By organisation
Industrial Information and Control Systems
Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 1894 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 712 hits
ReferencesLink to record
Permanent link

Direct link