01 Sep 2015 - 01 Sep 2018
The latest insights into security breaches reveal that most security incidents involve the human element as a major component of the attack: about 90% of attacks include several enabling steps that belong to the area of Social Engineering (SE) [Ref.26].
Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. The term "social engineering" as an act of psychological manipulation is also associated with the social sciences, but its usage has caught on among computer and information security professionals. (Source: Wikipedia – “Social Engineering”).
Current approaches to IT security and risk management tend to underestimate, or even ignore, the human element in their calculation due to a lack of assessment models, tools, processes and legal backing.
DOGANA will change that situation by pursuing three main goals:
1. Raise end-user awareness of social engineering attacks by providing adequate techniques
2. Provide comprehensive risk assessment for companies (including the tool chain needed)
3. Create a legal reference framework to allow compliant risk assessment