A Human Vulnerability Assessment Methodology

摘要

Organisations are struggling to keep pace with the threats posed to their information security by hackers and the growing sophistication of both technical and non-technical cyber-attacks. Many countermeasures have been discussed, developed and deployed, yet the human element remains the least understood and a significant weak link within the system. With this in mind, the social engineer uses a combination of tactics to exploit the vulnerabilities each individual has, to gain access to systems and sensitive information. This paper indicates that not all individuals are susceptible to the same attack, but instead that each of us is likely to succumb to a different type of tactic. Our objective is to combine personality preference and attackers' tactics to propose a vulnerability assessment methodology for the human within the system.