Towards a Security Lifecycle Model against Social Engineering Attacks: SLM-SEA
This addresses security vulnerabilities for organizations, but it is incremental as it applies an existing managerial approach to a specific domain.
The study tackled the problem of social engineering attacks by analyzing why employees in the Turkish public sector share sensitive information, finding that they lack awareness and ignore security procedures.
This research considers the impact of social engineering security attacks which are noted as taking opportunities for critically exploiting user awareness and behavior. The research proposes in this respect a managerial method in an attempt to enhance or even ensure protection. The aim of this study is to construct a security lifecycle model against these eventualities and to analyze the test results that have been carried out within the context of the Turkish public sector. The main objective of the study is to determine why employees shared sensitive information by stating fallacies and related amendments through interviews and thus to understand user actions when they are face to face with a real social engineering attack. The research findings demonstrate that employees in Turkish public organizations are not sufficiently aware of information security and they generally ignore critically important security procedures. This represents an important illustration of the increasing need for further generalized user awareness and responsibilities where individuals and not simply software form a critical element of the security protection portfolio.