mainstream conceptual intensions in the conceptual evolution, the comparative analysis of the SEiCS definition vs. Five analysis tables (i.e., the comparative analysis of the SEiCS definition vs. This definition eliminates the conceptual inconsistencies, covers the mainstream conceptual connotations, clarifies the conceptual boundary, mitigates the overgeneralization and abuse, etc. Based on above work, this paper attempts to address these conceptual deficiencies by proposing a more compatible and precise definition of social engineering in cybersecurity (SEiCS). In this paper, an in-depth literature survey is conducted, the original meaning of social engineering in cybersecurity is traced, the conceptual evolution and technical development are analysed systematically, and the conceptual problems are discussed. Nevertheless, there are many conceptual deficiencies (such as inconsistent conceptual intensions, a vague conceptual boundary, confusing instances, overgeneralization and abuse) of the term making serious negative impacts on the understanding, analysis and defense of social engineering attacks. Social engineering has posed a serious security threat to infrastructure, user, data and operations of cyberspace. Finally, we propose to open up the discourse on social engineering and its inscribed politics of deficit construction and securitization and advocate for companies and policy makers to establish and foster a culture of cyber in/security and corporate responsibility. Our findings suggest a redistribution of institutional responsibility to the individual user through three distinct social engineering storylines – “the oblivious employee”, “speaking code and social”, “fixing human flaws”. Empirically, our analysis builds on a multi-sited conference ethnography during three cyber security conferences as well as an extensive document analysis. To do so, we link work in STS on the politics of deficit construction to recent work in critical security studies (CSS) on securitization and resilience. Second, we will investigate the normative tensions that these practices create. We will first show how the rhetorical figure of the deficient user is constructed vis-à-vis notions of (in)security in social engineering discourses.
In this paper, we explore how discursive framings of individual versus collective security by cyber security experts redefine roles and responsibilities at the digitalized workplace. Cyber security experts use the term “social engineering” to highlight the “human factor" in digitized systems, as social engineering attacks aim at manipulating people to reveal sensitive information.
Today, social engineering techniques are the most common way of committing cybercrimes through the intrusion and infection of computer systems.
0 kommentar(er)
