Name
Abstract | ||
|---|---|---|
In assessing the security posture of Industrial Control Systems (ICS), several approaches have been proposed, including attack graphs, attack trees, Bayesian networks and security ideals. Predominantly focusing on technical vulnerabilities, challenges stemming from social and organisational factors are often reviewed in isolation, if at all. Taking a mean time-to-compromise (MTTC) metric as a base for expansion, we explore the impact social engineering attack vectors (malicious e-mails) could have on such assessments. The applied method takes a holistic view, to better understand the potential impact of social engineering across a small European utility company. The results of this review are analysed and discussed, highlighting the level of access an attacker could gain through social engineering, and the need for assessment metrics to include vulnerabilities stemming not only from technical factors, but social and organisational ones as well. |
Year | DOI | Venue |
|---|---|---|
2015 | 10.1145/2808705.2808717 | CPS-SPC@CCS |
Field | DocType | Citations |
Psychological resilience,Computer security,Social engineering (security),Industrial control system,Bayesian network,SCADA,Engineering,Attack graph,Vulnerability | Conference | 6 |
PageRank | References | Authors |
0.54 | 10 | 4 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Benjamin Green | 1 | 18 | 5.01 |
| Daniel Prince | 2 | 50 | 5.90 |
| J. S. Busby | 3 | 30 | 6.10 |
| David Hutchison | 4 | 1781 | 201.46 |