From the article: This paper describes the external IT security analysis of an international corporate organization, containing a technical and a social perspective, resulting in a proposed repeatable approach and lessons learned for applying this approach. Part of the security analysis was the utilization of a social engineering experiment, as this could be used to discover employee related risks. This approach was based on multiple signals that indicated a low IT security awareness level among employees as well as the results of a preliminary technical analysis. To carry out the social engineering experiment, two techniques were used. The first technique was to send phishing emails to both the system administrators and other employees of the company. The second technique comprised the infiltration of the office itself to test the physical security, after which two probes were left behind. The social engineering experiment proved that general IT security awareness among employees was very low. The results allowed the research team to infiltrate the network and have the possibility to disable or hamper crucial processes. Social engineering experiments can play an important role in conducting security analyses, by showing security vulnerabilities and raising awareness within a company. Therefore, further research should focus on the standardization of social engineering experiments to be used in security analyses and further development of the approach itself. This paper provides a detailed description of the used methods and the reasoning behind them as a stepping stone for future research on this subject. van Liempd, D., Sjouw, A., Smakman, M., & Smit, K. (2019). Social Engineering As An Approach For Probing Organizations To Improve It Security: A Case Study At A Large International Firm In The Transport Industry. 119-126. https://doi.org/10.33965/es2019_201904l015
Dutch summary (translated): In this exploratory study, social engineering attacks were studied, especially the attacks that failed, in order to help organisations become more resilient. Physical, telephone and digital attacks were carried out using a script following the 'social engineering cycle'. We used the COM-B model of behaviour change, refined by the Theoretical Domains Framework, to examine by means of a survey how Capability, Motivational and above all Opportunity factors help to increase the resilience of organisations against social engineering attacks. Within Opportunity, social influence appeared to be of extra importance. Employees who work in small enterprises (<50 employees) were more successful in withstanding digital social engineering attacks than employees who work in larger organisations. An explanation for this could be a greater degree of social control; these employees work close to one another, which enables them to check irregularities or warn each other. Putting in place a conversation protocol on how to deal with outsiders was also a measure taken by all organisations where telephone attacks failed. It is therefore more difficult for an outsider to gain access to the organisation by means of social engineering. This article ends with a discussion and some recommendations for organisations, for example regarding the design of the work environment, to increase their resilience against social engineering attacks. English abstract: In this explorative research social engineering attacks were studied, especially the ones that failed, in order to help organisations to become more resilient. Physical, phone and digital attacks were carried out using a script following the ‘social engineering cycle’. We used the COM-B model of behaviour change, refined by the Theoretical Domains Framework, to examine by means of a survey how Capability, Motivational and foremost Opportunity factors help to increase resilience of organisations against social engineering attacks. Within Opportunity, social influence seemed of extra importance. Employees who work in small-sized enterprises (<50 employees) were more successful in withstanding digital social engineering attacks than employees who work in larger organisations. An explanation for this could be a greater amount of social control; these employees work in close proximity to one another, so they are able to check irregularities or warn each other. Also, having a conversation protocol installed on how to interact with outsiders was a measure taken by all organisations where attacks by telephone failed. Therefore, it is more difficult for an outsider to get access to the organisation by means of social engineering. This paper ends with a discussion and some recommendations for organisations, e.g. the design of the work environment, to help increase their resilience against social engineering attacks. https://openaccess.cms-conferences.org/publications/book/978-1-958651-29-2/article/978-1-958651-29-2_8 DOI: 10.54941/ahfe1002203
In the current discourses on sustainable development, one can discern two main intellectual cultures: an analytic one focusing on measuring problems and prioritizing measures (Life Cycle Analysis (LCA), Mass Flow Analysis (MFA), etc.), and a policy/management one focusing on long-term change, change incentives, and stakeholder management (Transitions/niches, Environmental economy, Cleaner production). These cultures do not often interact and interactions are often negative. However, both cultures are required to work towards sustainability solutions: problems should be thoroughly identified and quantified, options for large change should be guideposts for action, and incentives should be created, stakeholders should be enabled to participate and their values and interests should be included in the change process. The paper deals especially with engineering education. Successful technological change processes should be supported by engineers who have acquired strategic competences. An important barrier towards training academics with these competences is the strong disciplinarism of higher education. Raising engineering students in strong disciplinary paradigms is probably responsible for their diminishing public engagement over the course of their studies. Strategic competences are crucial to keep students engaged and train them to implement long-term sustainable solutions.
Designing cities that are socially sustainable has been a significant challenge until today. Lately, the European Commission’s research agenda of Industry 5.0 has prioritised a sustainable, human-centric and resilient development over merely pursuing efficiency and productivity in societal transitions. The focus has been on searching for sustainable solutions to societal challenges, engaging part of the design industry. In architecture and urban design, whose common goal is to create a condition for human life, much effort was put into elevating the engineering process of physical space, making it more efficient. However, the natural process of social evolution has not been given priority in urban and architectural research on sustainable design. STEPS stems from the common interest of the project partners in accessible, diverse, and progressive public spaces, which is vital to socially sustainable urban development. The primary challenge lies in how to synthesise the standardised sustainable design techniques with unique social values of public space, propelling a transition from technical sustainability to social sustainability. Although a large number of social-oriented studies in urban design have been published in the academic domain, principles and guidelines that can be applied to practice are largely missing. How can we generate operative principles guiding public space analysis and design to explore and achieve the social condition of sustainability, developing transferable ways of utilising research knowledge in design? STEPS will develop a design catalogue with operative principles guiding public space analysis and design. This will help designers apply cross-domain knowledge of social sustainability in practice.
Due to the existing pressure for a more rational use of water, many public managers and industries have to re-think/adapt their processes towards a more circular approach. Such pressure is even more critical in the Rio Doce region, Minas Gerais, due to the large environmental accident that occurred in 2015. Cenibra (pulp mill) is an example of such industries, because it is situated in the river basin and has a water-demanding process. The current proposal is meant as an academic and engineering study to propose possible solutions to decrease the total water consumption of the mill and, thus, decrease the total stress on the Rio Doce basin. The work will be divided into three work packages, namely: (i) evaluation (modelling) of the mill process and water balance; (ii) application and operation of a pilot-scale wastewater treatment plant; (iii) analysis of the impacts caused by the improvement of the process. The second work package will also be conducted (in parallel) with a lab-scale setup in The Netherlands to allow fast adjustments and broaden evaluation of the setup/process performance. The actions will focus on reducing the mill's total water consumption by 20%.
The Circulaire Parkkade (CPk) project is a project on the Heysekade in the Heijplaat district of Rotterdam-Zuid, in which a circular and largely self-sufficient residential neighbourhood is being built. Nineteen homes are being built from reused and bio-based materials, and the communal garden is dedicated to the production of vegetables and fruit. The future residents will jointly generate and store electricity and heat and will purify the collected rainwater themselves. The ecology is closely tied to this: diversity in plants, the vegetation and the surface water within the neighbourhood. Because the residents manage their own systems, the project also contributes to social cohesion among the neighbourhood's residents. In the exploratory phase of the project, a study is carried out into a suitable business model that takes the circular aspects into account. Because of the character of the project, the neighbourhood and the homes, a classic land development calculation does not apply. The absence of waste, of classic ownership and of facilities are atypical starting points for drawing up a land and building development calculation. The study must provide answers on the circular aspects of the systems for heat generation and storage, electrical distribution in combination with smart technology, water, food, greenery and (the absence of) waste. On the basis of these aspects an integrated circular business model can be drawn up, which is the necessary input for the engineering, development and construction of the CPk. The project also aims to strengthen and broaden the network involved in the CPk. This application is also preparatory to a grant application under the upcoming call NWA Route 12 Circulaire economie en grondstoffenefficiëntie.