From the article: This paper describes the external IT security analysis of an international corporate organization, containing a technical and a social perspective, resulting in a proposed repeatable approach and lessons learned for applying this approach. Part of the security analysis was the utilization of a social engineering experiment, as this could be used to discover employee related risks. This approach was based on multiple signals that indicated a low IT security awareness level among employees as well as the results of a preliminary technical analysis. To carry out the social engineering experiment, two techniques were used. The first technique was to send phishing emails to both the system administrators and other employees of the company. The second technique comprised the infiltration of the office itself to test the physical security, after which two probes were left behind. The social engineering experiment proved that general IT security awareness among employees was very low. The results allowed the research team to infiltrate the network and have the possibility to disable or hamper crucial processes. Social engineering experiments can play an important role in conducting security analyses, by showing security vulnerabilities and raising awareness within a company. Therefore, further research should focus on the standardization of social engineering experiments to be used in security analyses and further development of the approach itself. This paper provides a detailed description of the used methods and the reasoning behind them as a stepping stone for future research on this subject. van Liempd, D., Sjouw, A., Smakman, M., & Smit, K. (2019). Social Engineering As An Approach For Probing Organizations To Improve It Security: A Case Study At A Large International Firm In The Transport Industry. 119-126. https://doi.org/10.33965/es2019_201904l015
Abstract: In this explorative research social engineering attacks were studied, especially the ones that failed, in order to help organisations to become more resilient. Physical, phone and digital attacks were carried out using a script following the ‘social engineering cycle’. We used the COM-B model of behaviour change, refined by the Theoretical Domains Framework, to examine by means of a survey how Capability, Motivational and foremost Opportunity factors help to increase resilience of organisations against social engineering attacks. Within Opportunity, social influence seemed of extra importance. Employees who work in small sized enterprises (<50 employees) were more successful in withstanding digital social engineering attacks than employees who work in larger organisations. An explanation for this could be a greater amount of social control; these employees work in close proximity to one another, so they are able to check irregularities or warn each other. Also, having a conversation protocol installed on how to interact with outsiders was a measure taken by all organisations where attacks by telephone failed. Therefore, it is more difficult for an outsider to get access to the organisation by means of social engineering. This paper ends with a discussion and some recommendations for organisations, e.g. the design of the work environment, to help increase their resilience against social engineering attacks. https://openaccess.cms-conferences.org/publications/book/978-1-958651-29-2/article/978-1-958651-29-2_8 DOI: 10.54941/ahfe1002203
The pace of introduction of new technology, and thus of continuous change in skill needs at workplaces, especially for engineers, has increased. While digitization-induced changes in the manufacturing, construction and supply chain sectors may not be felt the same in every sector, they will be hard to escape. Both young and experienced engineers will experience the change, and the need to continuously assess and close the skills gap will arise. How will we, the continuing engineering educators and administrators, respond to it? Prepared for engineering educators and administrators, this workshop will shed light on the future of continuing engineering education as we go through exponentially shortened time frames of technological revolution and, very recently, an unprecedented COVID-19 pandemic. S. Chakrabarti, P. Caratozzolo, E. Sjoer and B. Norgaard.
People tend to disclose personal identifiable information (PII) that could be used by cybercriminals against them. Often, persuasion techniques are used by cybercriminals to trick people into disclosing PII. This research investigates whether people can be made less susceptible to persuasion by reciprocation (i.e., making people feel obligated to return a favour) and authority, particularly in regard to whether information security knowledge and positive affect moderate the relation between susceptibility to persuasion and disclosing PII. Data are used from a population-based survey experiment that measured the actual disclosure of PII in an experimental setting (N = 2426). The results demonstrate a persuasion–disclosure link, indicating that people disclose more PII when persuaded by reciprocation, but not by authority. Knowledge of information security was also found to relate to disclosure. People disclosed less PII when they possessed more knowledge of information security. Positive affect was not related to the disclosure of PII. And contrary to expectations, no moderating effects were found of information security knowledge or positive affect on the persuasion–disclosure link. Possible explanations are discussed, as well as limitations and future research directions. Published by Sage. APA citation: van der Kleij, R., van 't Hoff-De Goede, S., van de Weijer, S., & Leukfeldt, R. (2023). Social engineering and the disclosure of personal identifiable information: Examining the relationship and moderating factors using a population-based survey experiment. Journal of Criminology, 56(2-3), 278-293. https://doi.org/10.1177/26338076231162660
This paper is a case report of why and how CDIO became a shared framework for Community Service Engineering (CSE) education. CSE can be defined as the engineering of products, product-service combinations or services that fulfill well-being and health needs in the social domain, specifically for vulnerable groups in society. The vulnerable groups in society are growing, while fewer people work in health care. Finding technical, interdisciplinary solutions for their unmet needs is the territory of the Community Service Engineer. These unmet needs arise in local niche markets as well as in the global community, which makes it an interesting area for innovation and collaboration in an international setting. Therefore, five universities from Belgium, Portugal, the Netherlands, and Sweden decided to work together as hubs in local innovation networks to create international innovation power. The aim of the project is to develop education on undergraduate, graduate and post-graduate levels. The partners are not aiming at a joint degree or diploma, but offer a shared short track blended course (3EC), which each partner can supplement with their own courses or projects (up to 30EC). The blended curriculum in CSE is based on design thinking principles. Resources are shared and collaboration between students and staff is organized at different levels. CDIO was chosen as the common framework and the syllabus 2.0 was used as a blueprint for the CSE learning goals in each university. CSE projects are characterized by an interdisciplinary, human-centered approach leading to inter-faculty collaboration. At the University of Porto, EUR-ACE was already used as the engineering education framework, so a translation table was used to facilitate common development. Even though Thomas More and KU Leuven are not CDIO partners, their choice of design thinking as the leading method in the post-Masters pilot course ensured a good fit with the CDIO syllabus.
At this point University West is applying for CDIO and they are yet to discover what the adaptation means for their programs and their emerging CSE initiatives. CDIO proved to fit well in the authentic open innovation network context in which engineering students actively do CSE projects. CDIO became the common language and means to continuously improve the quality of the CSE curriculum.
The Living Lab approach has become popular and developed in the past decade. It could provide a configuration to pursue a shared vision of integrated water resources management of the Citarum River in West Java - Indonesia. The multi-stakeholder situation and the growing recognition of interdependencies among stakeholders foster the complexity of addressing sustainable river management for the Upper Citarum River. To gain insights on essential competencies and adaptations in higher education curricula, the Environmental Engineering Department of the Faculty of Civil and Environmental Engineering-ITB, Telkom University Indonesia, and Van Hall Larenstein University of Applied Sciences, Netherlands, joined hands in a collaborative research project. This study aims to develop a socio-engineering aspect for sustainable river water quality management in the Environmental Engineering Field and Curricula. The methods used are social imaginaries of Participatory Mapping and a Poetry Route that allowed the involved river bank communities to activate their role and take positions in the living lab. Institutional stakeholders, acting in a facilitating role, learned to gain and share information from and with the community. The result concludes that social imaginaries methods enable a new perspective in developing community-based programs and advocate further exploring the socio-engineering competencies of environmental professionals.
In the current discourses on sustainable development, one can discern two main intellectual cultures: an analytic one, focusing on measuring problems and prioritizing measures (Life Cycle Analysis (LCA), Mass Flow Analysis (MFA), etc.), and a policy/management one, focusing on long term change, change incentives, and stakeholder management (Transitions/niches, Environmental economy, Cleaner production). These cultures do not often interact and interactions are often negative. However, both cultures are required to work towards sustainability solutions: problems should be thoroughly identified and quantified, options for large change should be guideposts for action, incentives should be created, stakeholders should be enabled to participate, and their values and interests should be included in the change process. The paper deals especially with engineering education. Successful technological change processes should be supported by engineers who have acquired strategic competences. An important barrier towards training academics with these competences is the strong disciplinarism of higher education. Raising engineering students in strong disciplinary paradigms is probably responsible for their diminishing public engagement over the course of their studies. Strategic competences are crucial to keep students engaged and train them to implement long term sustainable solutions.
Social engineering is a technique widely used by cybercriminals. By cunningly applying influence techniques to employees, these can be enticed into disclosing sensitive information. In this article we describe the results of 98 social engineering attacks on organisations, carried out by students of the Haagse Hogeschool. This gives more insight into the vulnerabilities, which can help organisations become more cyber-resilient. Cybercrime is a common form of crime. Hacking, for example, occurs more often than bicycle theft (4.9 and 4 percent respectively). Human behaviour is increasingly recognised as an important risk factor in cybersecurity. An estimate by Ernst and Young is that 83 percent of all cyber incidents are attributable to human action. Cybercriminals therefore often aim their attacks at 'the human'. Using all kinds of persuasion techniques, they try to get employees to perform unsafe actions, such as entering data on a phishing website or clicking on a link that results in a malware infection. This deception is also called social engineering. By deceiving the employee, technical and physical protection measures can be bypassed. LinkedIn: https://www.linkedin.com/in/michelle-ancher-72804a10/ https://www.linkedin.com/in/rutgerleukfeldt/
This paper describes a model for education in innovative engineering. The kernel of this model is that students from different departments of the faculty of Applied Science and Technology are placed in industry for a period of eighteen months after two-and-a-half years of theoretical studies. During this period students work in multi-disciplinary projects on different themes. Students will grow into fully equal employees in industry. Therefore it is important that, besides students, teachers and company employees participate in the projects. The involvement of students at other levels (university and high school) is also recommended. The most important characteristics of the model can be summarized as an innovative, interdisciplinary and international orientation.
The paper summarizes two models for engineering education, as discussed in earlier papers. The first model (Corporate Curriculum) aims to bring Industry into the school, while the second model (I3) intends to bring the school into Industry. The contribution of the presented models to the Bologna Declaration and to the Renaissance Engineer idea is discussed.