Ask and you shall know: Using interviews and the SBC model for social-engineering penetration testing
2008 (English)In: IMETI - Int. Multi-Conf. Eng. Technol. Innov., Proc., 2008, 121-128 p.Conference paper (Refereed)
This paper presents the result of a case study where the SBC model was used as a foundation to perform semi-structured interviews to test the security in a medical establishment. The answers were analyzed and presented in an uncomplicated graph. The purpose was to study the feasibility of letting the users participate, instead of exploiting their weaknesses. It was found that the approach of interviewing the subjects rendered interesting, and relevant, results, making it an approach that should be studied further due to its apparent gains: less ethically troublesome penetration testing, increased awareness, improved coverage and novel information as added bonuses.
Place, publisher, year, edition, pages
2008. 121-128 p.
, IMETI 2008 - International Multi-Conference on Engineering and Technological Innovation, Proceedings, 1
Penetration tests, SBC model, Social engineering, Novel information, Penetration test, Penetration testing, Semi structured interviews, Industrial engineering, Engineering
Sociology Computer Systems
IdentifiersURN: urn:nbn:se:kth:diva-152194ISI: 000263828900024ScopusID: 2-s2.0-84893195083ISBN: 1934272434ISBN: 9781934272435OAI: oai:DiVA.org:kth-152194DiVA: diva2:750575
International Multi-Conference on Engineering and Technological Innovation, IMETI 2008, 29 June-2 July 2008, Orlando, FL, USA
QC 201409292014-09-292014-09-232014-09-29Bibliographically approved