Social Engineering Academy (EN)

Methodology

The foundational methodology of our trainings is called Enabling Persuasion Knowledge. We work with employees in interactive trainings and teach the basic techniques of social engineering. This way employees learn to recognise the prevent these techniques. These techniques are known as persuasion in psychology. The essence of persuasion is to influence people with the goal to acquire confidential, private or privileged information. We train the instances of these techniques that social engineering attackers use in serious games which also comprise the defence against these techniques. 

Short Overview

We provide a description of our basic methodology Enabling Persuasion Knowledge in our Short Overview. The method is based on our research and empirically validated. 

Publications

Please find all our publications of our research on which the work of the Social Engineering Academy is founded. Moreover, you can find a list of all publications of the employees of the Social Engineering Academy on the page About Us

  1. Schaab,P., Beckers,K., Pape,S.: Social engineering defence mechanisms and counteracting training strategies. Inf. & Comput. Security 25(2) (2017) 206–222
  2. Kipker,D.K., Pape,S., Beckers,K.: Juristische Bewertung eines Social-Engineering-Abwehrtrainings. In: ITS Kritis Rahmenwerk. (2018) to appear.
  3. Sailer, M., Hoppenz, C., Beckers, K., Pape, S.: Förderung von IT-Sicherheitsbewusstheit durch spielbasiertes Lernen - eine experimentelle Studie. In: Tagung der Sektion ”Empirische Bildungsforschung” – Educational Research and Governance (AEPF 2017). Number ID: 276/EPS10:3 (2017)
  4. Beckers, K., Schosser, D., Pape, S., Schaab, P.: A structured comparison of social engineering intelligence gathering tools. In: Trust, Privacy and Security in Digital Business - 14th International Conference, TrustBus 2017, Lyon, France, August 30-31, 2017, Proceedings. (2017) 232–246
  5. Beckers, K., Fries, V., Groen, E.C., Pape, S.: Creativity techniques for social engineering threat elicitation: A controlled experiment. In: Proceedings of REFSQ-2017. (2017)
  6. Ki-Aries, D., Faily, S., Beckers, K.: Persona-driven information security awareness. In: Proceedings of British HCI 2016, ACM (2016)
  7. Beckers, K., Pape, S., Fries, V.: Hatch: Hack and trick capricious humans a serious game on social engineering. In: Proceedings of British HCI 2016, ACM (2016) 16–25
  8. Beckers, K., Pape, S.: A serious game for eliciting social engineering security requirements. In: Proceedings of the 24th IEEE International Conference on Requirements Engineering. RE ’16, IEEE Computer Society (2016)
  9. Beckers, K., Krautsevich, L., Yautsiukhin, A.: Using attack graphs to analyze social engineering threats. IJSSE 6(2) (2015) 47–69
  10. Schaab, P., Beckers, K., Pape, S.: A systematic gap analysis of social engineering defence mechanisms con- sidering social psychology. In: Tenth International Symposium on Human Aspects of Information Security & Assurance, HAISA 2016, Frankfurt, Germany, July 19-21, 2016, Proceedings. (2016) 241–251
  11. Beckers, K., Krautsevich, L., Yautsiukhin, A.: Analysis of Social Engineering Threats with Attack Graphs. In: Proceedings of the 3rd International Workshop on Quantitative Aspects in Security Assurance (QASA) - Affiliated workshop with ESORICS. Volume 8872 of LNCS., Springer (2014) 216–232