Date(s) - 5 Feb 2020
1:10 PM - 2:00 PM
3043 ECpE Building Addition
Speaker: Jin-Ning Tioh, ECpE Graduate Student
Adviser: Mani Mina and Doug Jacobson
Title: Creating an Extensible Teaching Tool for Social Engineering Education and Awareness
Abstract: This presentation will cover the design and implementation of an extensible teaching tool for social engineering education and awareness. While the implementation or theory of security controls and mechanisms at the application, operating system, network, and physical layers continues to be the dominant focal point of recent research within the field of computer and information security, there has been a growing awareness of late of the importance of securing the user layer as well, especially from a sociotechnical perspective. Long recognized as the weakest link in the security chain, the vast majority of users more often than not lack any sort of technical background or training, and thus lack an awareness of basic information assurance concepts such as confidentiality, authentication, integrity, and availability. Therefore, while the technical countermeasures with regard to personal, national, and even international data security grow increasingly sophisticated, user education and awareness have not kept up by comparison. This leaves the users themselves as an easier and far more attractive avenue of attack, susceptible to social engineering attacks such as phishing, computer virus hoaxes, and so on. Steps therefore have to be taken to instill safe cyber security practices in the general computer user, overcoming their propensity to act without forethought for the consequences of their actions, including ignoring warning messages, visiting unsafe websites, and communicating with unauthenticated entities. We will endeavor to present a concise overview of the necessary background and discuss some of the design decisions that went into our implementation of an extensible teaching tool designed to help instill practical and relevant computer security practices in the general user, in an effort to guard against some of the more common social engineering attacks.