From the article: This paper describes the external IT security analysis of an international corporate organization, containing a technical and a social perspective, resulting in a proposed repeatable approach and lessons learned for applying this approach. Part of the security analysis was the utilization of a social engineering experiment, as this could be used to discover employee related risks. This approach was based on multiple signals that indicated a low IT security awareness level among employees as well as the results of a preliminary technical analysis. To carry out the social engineering experiment, two techniques were used. The first technique was to send phishing emails to both the system administrators and other employees of the company. The second technique comprised the infiltration of the office itself to test the physical security, after which two probes were left behind. The social engineering experiment proved that general IT security awareness among employees was very low. The results allowed the research team to infiltrate the network and have the possibility to disable or hamper crucial processes. Social engineering experiments can play an important role in conducting security analyses, by showing security vulnerabilities and raising awareness within a company. Therefore, further research should focus on the standardization of social engineering experiments to be used in security analyses and further development of the approach itself. This paper provides a detailed description of the used methods and the reasoning behind them as a stepping stone for future research on this subject. van Liempd, D., Sjouw, A., Smakman, M., & Smit, K. (2019). Social Engineering As An Approach For Probing Organizations To Improve It Security: A Case Study At A Large International Firm In The Transport Industry. 119-126. https://doi.org/10.33965/es2019_201904l015
MULTIFILE
From the article: This paper describes the external IT security analysis of an international corporate organization, containing a technical and a social perspective, resulting in a proposed repeatable approach and lessons learned for applying this approach. Part of the security analysis was the utilization of a social engineering experiment, as this could be used to discover employee related risks. This approach was based on multiple signals that indicated a low IT security awareness level among employees as well as the results of a preliminary technical analysis. To carry out the social engineering experiment, two techniques were used. The first technique was to send phishing emails to both the system administrators and other employees of the company. The second technique comprised the infiltration of the office itself to test the physical security, after which two probes were left behind. The social engineering experiment proved that general IT security awareness among employees was very low. The results allowed the research team to infiltrate the network and have the possibility to disable or hamper crucial processes. Social engineering experiments can play an important role in conducting security analyses, by showing security vulnerabilities and raising awareness within a company. Therefore, further research should focus on the standardization of social engineering experiments to be used in security analyses and further development of the approach itself. This paper provides a detailed description of the used methods and the reasoning behind them as a stepping stone for future research on this subject. van Liempd, D., Sjouw, A., Smakman, M., & Smit, K. (2019). Social Engineering As An Approach For Probing Organizations To Improve It Security: A Case Study At A Large International Firm In The Transport Industry. 119-126. https://doi.org/10.33965/es2019_201904l015
MULTIFILE
This paper is a case report of why and how CDIO became a shared framework for Community Service Engineering (CSE) education. CSE can be defined as the engineering of products, product-service combinations or services that fulfill well-being and health needs in the social domain, specifically for vulnerable groups in society. The vulnerable groups in society are growing, while fewer people work in health care. Finding technical, interdisciplinary solutions for their unmet needs is the territory of the Community Service Engineer. These unmet needs arise in local niche markets as well as in the global community, which makes it an interesting area for innovation and collaboration in an international setting. Therefore, five universities from Belgium, Portugal, the Netherlands, and Sweden decided to work together as hubs in local innovation networks to create international innovation power. The aim of the project is to develop education on undergraduate, graduate and post-graduate levels. The partners are not aiming at a joined degree or diploma, but offer a shared short track blended course (3EC), which each partner can supplement with their own courses or projects (up to 30EC). The blended curriculum in CSE is based on design thinking principles. Resources are shared and collaboration between students and staff is organized at different levels. CDIO was chosen as the common framework and the syllabus 2.0 was used as a blueprint for the CSE learning goals in each university. CSE projects are characterized by an interdisciplinary, human centered approach leading to inter-faculty collaboration. At the university of Porto, EUR-ACE was already used as the engineering education framework, so a translation table was used to facilitate common development. Even though Thomas More and KU Leuven are no CDIO partner, their choice for design thinking as the leading method in the post-Masters pilot course insured a good fit with the CDIO syllabus. At this point University West is applying for CDIO and they are yet to discover what the adaptation means for their programs and their emerging CSE initiatives. CDIO proved to fit well to in the authentic open innovation network context in which engineering students actively do CSE projects. CDIO became the common language and means to continuously improve the quality of the CSE curriculum.
