Ask and you shall know: Using interviews and the SBC model for social-engineering penetration testing
KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
2008 (English). In: IMETI - Int. Multi-Conf. Eng. Technol. Innov., Proc., 2008, 121-128 p. Conference paper (Refereed)
Abstract [en]

This paper presents the result of a case study where the SBC model was used as a foundation to perform semi-structured interviews to test the security in a medical establishment. The answers were analyzed and presented in an uncomplicated graph. The purpose was to study the feasibility of letting the users participate, instead of exploiting their weaknesses. It was found that the approach of interviewing the subjects rendered interesting, and relevant, results, making it an approach that should be studied further due to its apparent gains: less ethically troublesome penetration testing, increased awareness, improved coverage and novel information as added bonuses.

Place, publisher, year, edition, pages
2008. 121-128 p.
IMETI 2008 - International Multi-Conference on Engineering and Technological Innovation, Proceedings, 1
Keyword [en]
Penetration tests, SBC model, Social engineering, Novel information, Penetration test, Penetration testing, Semi structured interviews, Industrial engineering, Engineering
National Category
Sociology; Computer Systems
URN: urn:nbn:se:kth:diva-152194
ISI: 000263828900024
ScopusID: 2-s2.0-84893195083
ISBN: 1934272434
ISBN: 9781934272435
OAI: diva2:750575
International Multi-Conference on Engineering and Technological Innovation, IMETI 2008, 29 June-2 July 2008, Orlando, FL, USA

QC 20140929

Available from: 2014-09-29. Created: 2014-09-23. Last updated: 2014-09-29. Bibliographically approved.

Open Access in DiVA

No full text


Search in DiVA

By author/editor
Kowalski, Stewart
By organisation
Computer and Systems Sciences, DSV