Cybersecurity

Aspectual Human Performance Variability in Social Engineering Attacks

Abstract:

Most of the influence and persuasion techniques used in social engineering have been documented across many domains, including cybersecurity, and have been shown to rely on similar effect mechanisms used in areas such as marketing, scams, and street cons. This paper shows that, while these attacks are explained in terms of the social and psychological effect mechanisms, the aspectual lens provides a more nuanced understanding of human performance variability implicated in social engineering. The aspectual lens provides a comprehensive analytical and ontological framing, and hints at aspectually informed measures for mitigating social engineering attacks and dampening the said human performance variability.

Published In

Volume 23, Issue 1

Written By

Mamello Thinyane

The Cybersecurity Framework’s Most Vulnerable User: Small Business

Abstract:

The broad applicability of the National Institute for Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity, commonly known as the Cybersecurity Framework (CSF), creates a utility gap for small and medium businesses (SMB) to apply and implement the framework effectively within their organizations. The purpose of this research is to explore and interpret the CSF in the context of small and medium businesses with implications of bridging the utility gap for this significant, yet vulnerable, population; specifically, this paper contributes detailed interpretations and actions of the NIST CSF that can be implemented by SMBs to help improve their cybersecurity stance.

Published In

Volume 22, Issue 4

Written By

Nicklous Salzman

Towards Improving APT Mitigation: A Case for Counter-APT Red Teaming

Abstract:

Vulnerabilities leveraged by Advanced Persistent Threats (APTs) that ultimately allow them to gain access to critical data and unveil private information are often far removed from the portions of the security environment where initial access is gained. This paper presents a defensi- ble scholarly decomposition of the red-team process itself and discusses how traditional red-team assessments may not be the most effective solution for emulating APT threats and mitigating their impacts.

Published In

Volume 18, Issue 1

Written By

J.G. Oakley

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Keywords

(

2

3

4

8

9

A
AI
APT

a

B

C
C2
C2S
CDX
CIA
CIP
CPS

D
DNS
DoD
DoS

E

e

F

G

H

I
IA
ICS

i

J

K

L

M

N

O

P

Q

R

S
SOA

T

t

U

V

W

X
XRY

Y

Z

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com