Publication details

Home Publication details

An Assessment of People’s Vulnerabilities in Relation to Personal and Sensitive Data
Sanders B, Haskell-Dowland PS (Dowland PS), Furnell SM
Proceedings of the Third International Symposium on Human Aspects of Information Security & Assurance (HAISA 2009), Athens, Greece, ISBN: 978-1-84102-231-4, pp50-60, 2009
Can be ordered on-line.
Download links:  Download PDF

Social engineering refers to a number of techniques that are used to exploit human vulnerabilities and manipulate people into breaking normal security procedures. Evidence suggests that this problem is rapidly increasing and cyber criminals are using a magnitude of different avenues to reach their intended victims. This paper presents an assessment of people’s vulnerabilities in relation to personal and sensitive data. The experiment used an online web survey which comprised of both direct and non-direct social engineering attack scenarios. In addition the survey measured and assessed the level of risk that social networking users are currently exposing themselves to. The results showed that respondent’s security awareness levels had improved on previous studies but significant problems still existed with user’s abilities to detect and appropriately respond to social engineering threats.

Sanders B, Haskell-Dowland PS (Dowland PS), Furnell SM