Social Engineering and Security Awareness

Presented at DeepSec 2015 „DeepSec No. 9“, Unknown date/time (Unknown duration).

Social Engineering is a great method for hacking systems. Instead of attacking technical devices social engineers manipulate people to get what they want. Defending your organisation against social engineering attacks is vital, yet very hard to achieve. This workshop focuses on the psychological fundamentals of social engineering. I will show you how social engineering works, how psychology can be used to manipulate people and how social engineers use these skills to lever out security measurements. The second part of the workshop will focus on defence measures against social engineering attacks. I'll teach didactical methods and other skills required to train your users in a succesful, scientifically sound and empirically grounded security awareness campaign. Practical knowledge from human factors and organisational development research will top the workshop off.


Presenters:

  • Stefan Schumacher - Magdeburger Institut für Sicherheitsforschung
    Stefan Schumacher is the president of the Magdeburg Institute for Security Research and editor of the Magdeburg Journal for Security Research in Magdeburg/Germany. He started his hacking career before the fall of the Berlin Wall, on a small East German computer with 1.75 MHz and a Datasette drive. Ever since he liked to explore technical and social systems, with a focus on security and how to exploit them. He was a NetBSD developer for some years and involved in several other Open Source projects and events. He studied Educational Science and Psychology, has done a lot of unique research about the Psychology of Security with a focus on Social Engineering, User Training and Didactics of Security/Cryptography. Currently he's leading the research project Psychology of Security,focusing on fundamental qualitative and quantitative research about the perception and construction of security. He presents the research results regularly at international conferences like AusCert Australia, Chaos Communication Congress, Chaos Communciation Camp, DeepSec Vienna, DeepIntel Salzburg, Positive Hack Days Moscow or LinuxDays Luxembourg and in security related journals and books.

Links:

Similar Presentations: