By Topic

2015 Workshop on Socio-Technical Aspects in Security and Trust

13-13 July 2015

Filter Results

Displaying Results 1 - 16 of 16
  • [Front cover]

    Publication Year: 2015, Page(s): c1
    Request permission for commercial reuse | PDF file iconPDF (1429 KB)
    Freely Available from IEEE
  • [Title page i]

    Publication Year: 2015, Page(s): i
    Request permission for commercial reuse | PDF file iconPDF (51 KB)
    Freely Available from IEEE
  • [Title page ii]

    Publication Year: 2015, Page(s): iii
    Request permission for commercial reuse | PDF file iconPDF (118 KB)
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2015, Page(s): iv
    Request permission for commercial reuse | PDF file iconPDF (119 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2015, Page(s): v
    Request permission for commercial reuse | PDF file iconPDF (119 KB)
    Freely Available from IEEE
  • Foreword

    Publication Year: 2015, Page(s): vi
    Request permission for commercial reuse | PDF file iconPDF (83 KB) | HTML iconHTML
    Freely Available from IEEE
  • General and Program Chairs

    Publication Year: 2015, Page(s): vii
    Request permission for commercial reuse | PDF file iconPDF (79 KB)
    Freely Available from IEEE
  • Program Committee

    Publication Year: 2015, Page(s): viii
    Request permission for commercial reuse | PDF file iconPDF (81 KB)
    Freely Available from IEEE
  • Supporting organizations

    Publication Year: 2015, Page(s): ix
    Request permission for commercial reuse | PDF file iconPDF (136 KB)
    Freely Available from IEEE
  • A technique for using employee perception of security to support usability diagnostics

    Publication Year: 2015, Page(s):1 - 8
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (452 KB) | HTML iconHTML

    Problems of unusable security in organisations are widespread, yet security managers tend not to listen to employees' views on how usable or beneficial security controls are for them in their roles. Here we provide a technique to drive management of security controls using end-user perceptions of security as supporting data. Perception is structured at the point of collection using Analytic Hierar... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An analysis of social engineering principles in effective phishing

    Publication Year: 2015, Page(s):9 - 16
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (180 KB) | HTML iconHTML

    Phishing is a widespread practice and a lucrative business. It is invasive and hard to stop: a company needs to worry about all emails that all employees receive, while an attacker only needs to have a response from a key person, e.g., a finance or human resources' responsible, to cause a lot of damages. Some research has looked into what elements make phishing so successful. Many of these element... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Regression nodes: extending attack trees with data from social sciences

    Publication Year: 2015, Page(s):17 - 23
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (161 KB) | HTML iconHTML

    In the field of security, attack trees are often used to assess security vulnerabilities probabilistically in relation to multi-step attacks. The nodes are usually connected via AND-gates, where all children must be executed, or via OR-gates, where only one action is necessary for the attack step to succeed. This logic, however, is not suitable for including human interaction such as that of socia... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • How people help fraudsters steal their money: an analysis of 600 online banking fraud cases

    Publication Year: 2015, Page(s):24 - 31
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (165 KB) | HTML iconHTML

    This paper presents an analysis of 600 phishing and malware incidents obtained from a Dutch bank. We observed from these cases that the behavior of customers in the fraudulent process entails giving away personal information to fraudsters. Phishing victimization occurred by responding to a false e-mail, a fraudulent phone call or a combination of these. Malware victimization occurred by responding... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Alternative Authentication in the Wild

    Publication Year: 2015, Page(s):32 - 39
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (590 KB) | HTML iconHTML

    Alphanumeric authentication routinely fails to regulate access to resources with the required stringency, primarily due to usability issues. Initial deployment did not reveal the problems of passwords, deep and profound flaws only emerged once passwords were deployed in the wild. The need for a replacement is widely acknowledged yet despite over a decade of research into knowledge-based alternativ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Author index

    Publication Year: 2015, Page(s): 40
    Request permission for commercial reuse | PDF file iconPDF (52 KB)
    Freely Available from IEEE
  • [Publisher's information]

    Publication Year: 2015, Page(s): 42
    Request permission for commercial reuse | PDF file iconPDF (136 KB)
    Freely Available from IEEE