Social engineering as a component of professional competence in information security of future computer science teachers

Bohdan M. Oliinyk; Vasyl P. Oleksiuk

doi:10.55056/ed.778

Authors

Bohdan M. Oliinyk Institute for Digitalisation of Education of the NAES of Ukraine https://orcid.org/0000-0003-3670-2605
Vasyl P. Oleksiuk Ternopil Volodymyr Hnatiuk National Pedagogical University https://orcid.org/0000-0003-2206-8447

DOI:

https://doi.org/10.55056/ed.778

Keywords:

social engineering, types of social engineering attacks, information security, professional competence in information security

Abstract

The article considers the actual problem of information security - social engineering. The authors investigate what social engineering is and its main methods, including phishing, vishing, baiting, and pretexting, and analyze the educational programs of the speciality "014.09 Secondary Education (Informatics)" regarding the availability of relevant competencies. The article analyzes data on the components of professional competencies in information security and social engineering of the leading educational institutions of the USA, the EU, and Ukrainian higher education institutions; based on the analyzed data provided in general, the relationship between training in cyber security and social engineering. The authors also explore the role of future computer science teachers in protecting students from the threats of social engineering. They note that a critical factor in this protection is teaching students to recognize and eliminate social engineering threats and how to protect their sensitive information.

Downloads

Download data is not yet available.

Abstract views: 298 / PDF views: 84

References

Osvitno-profesiina prohrama “Serednia osvita (Informatyka)” druhoho (mahisterskoho) rivnia vyshchoi osvity za predmetnoiu spetsialnistiu 014.09 - Serednia osvita (Informatyka) spetsialnosti 014 - Serednia osvita haluzi znan 01 – Osvita/Pedahohika (2020), URL https://ami.lnu.edu.ua/wp-content/uploads/2020/10/OP_Serednia_osvita_informatyka_2020_proekt.pdf

Osvitno-profesiina prohrama “Serednia osvita (Informatyka)” pershoho (bakalavrskoho) rivnia vyshchoi osvity za predmetnoiu spetsialnistiu 014.09 Serednia osvita predmetnoii spetsialnosti 0.14.09 - Serednia osvita (Informatyka) haluzi znan 01 – Osvita / Pedahohika (2021), URL https://www.znu.edu.ua/opp/bak/math/opp_so-inform_21.pdf

Osvitno-profesiina prohrama “Serednia osvita (Informatyka, matematyka, osnovy STEM-navchnnia)” Pershoho (bakalavrskoho) rivnia vyshchoi osvity za spetsialnistiu 014 Serednia osvita haluzi znan 01 Osvita/Pedahohika (2022), URL https://tnpu.edu.ua/about/public_inform/akredytatsiia%20ta%20litsenzuvannia/osvitni_prohramy/bakalavr/fizmat/014.09_2022.pdf

Technical University of Munich: The Entrepreneurial University - TUM (2024), URL https://www.tum.de/en

Abdulla, R.M., Faraj, H.A., Abdullah, C.O., Amin, A.H., Rashid, T.A.: Analysis of Social Engineering Awareness Among Students and Lecturers. IEEE Access 11, 101098–101111 (2023), https://doi.org/10.1109/ACCESS.2023.3311708 DOI: https://doi.org/10.1109/ACCESS.2023.3311708

Aleroud, A., Zhou, L.: Phishing environments, techniques, and counter-measures: A survey. Computers & Security 68, 160–196 (2017), https://doi.org/10.1016/j.cose.2017.04.006 DOI: https://doi.org/10.1016/j.cose.2017.04.006

Aycock, J.: Teaching Social Engineering Using Improv. In: Proceedings of the 26th ACM Conference on Innovation and Technology in Computer Science Education V. 2, p. 629–630, ITiCSE ’21, Association for Computing Machinery, New York, NY, USA (2021), https://doi.org/10.1145/3456565.3460037 DOI: https://doi.org/10.1145/3456565.3460037

Bani-Salameh, H., Hjeela, F.A., Bani-Salameh, D.: Using Social Development Environments in Introductory Computer Science Classrooms: A Case Study on SCI. In: 2017 Second International Conference on Information Systems Engineering (ICISE), pp. 22–26 (2017), https://doi.org/10.1109/ICISE.2017.15 DOI: https://doi.org/10.1109/ICISE.2017.15

García-Holgado, A., García-Peñalvo, F.J., Therón, R., Vázquez-Ingelmo, A., Gamazo, A., González-González, C.S., Gil Iranzo, R.M., Frango Silveira, I., Alier Forment, M.: Experiencia piloto para incorporar la ética informática de forma transversal en el Grado de Ingeniería Informática - [Pilot experience to mainstream computer ethics in the Computer Science Degree]. In: Innovaciones docentes en tiempos de pandemia, p. 431–436, CINAIC 2021, Servicio de Publicaciones Universidad (2021), https://doi.org/10.26754/cinaic.2021.0082 DOI: https://doi.org/10.26754/CINAIC.2021.0082

Gragg, D.: A Multi-Level Defense Against Social Engineering. White paper, SANS Institute (2022), URL https://sansorg.egnyte.com/dl/AbCFV3mA3o

Gupta, S., Singhal, A., Kapoor, A.: A literature survey on social engineering attacks: Phishing attack. In: 2016 International Conference on Computing, Communication and Automation (ICCCA), pp. 537–540 (2016), https://doi.org/10.1109/CCAA.2016.7813778 DOI: https://doi.org/10.1109/CCAA.2016.7813778

Hadnagy, C., Fincher, M.: Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails. Wiley (2015) DOI: https://doi.org/10.1002/9781119183624

Hazzan, O., Har-Shai, G.: Teaching Computer Science Soft Skills (Abstract Only). In: Proceedings of the 46th ACM Technical Symposium on Computer Science Education, p. 704, SIGCSE ’15, Association for Computing Machinery, New York, NY, USA (2015), https://doi.org/10.1145/2676723.2678289 DOI: https://doi.org/10.1145/2676723.2678289

Hermosilla, P., Boye, N., Roncagliolo, S.: Teaching Communication Strategies in Social Networks for Computer Science Students. In: Meiselwitz, G. (ed.) Social Computing and Social Media. User Experience and Behavior, Lecture Notes in Computer Science, vol. 10913, pp. 57–66, Springer International Publishing, Cham (2018), https://doi.org/10.1007/978-3-319-91521-0_5 DOI: https://doi.org/10.1007/978-3-319-91521-0_5

Joint Task Force on Computing Curricula, Association for Computing Machinery (ACM), IEEE Computer Society: Computer Science Curricula 2013: Curriculum Guidelines for Undergraduate Degree Programs in Computer Science. Association for Computing Machinery, New York, NY, USA (2013), https://doi.org/10.1145/2534860 DOI: https://doi.org/10.1145/2534860

Jones, K.S., Armstrong, M.E., Tornblad, M.K., Siami Namin, A.: How social engineers use persuasion principles during vishing attacks. Information & Computer Security 29(2), 314–331 (Dec 2020), https://doi.org/10.1108/ics-07-2020-0113 DOI: https://doi.org/10.1108/ICS-07-2020-0113

Kamiński, K.A., Dobrowolski, A.P., Piotrowski, Z., Ścibiorek, P.: Enhancing Web Application Security: Advanced Biometric Voice Verification for Two-Factor Authentication. Electronics 12(18), 3791 (2023), https://doi.org/10.3390/electronics12183791 DOI: https://doi.org/10.3390/electronics12183791

Lawson, P.A., Crowson, A.D., Mayhorn, C.B.: Baiting the Hook: Exploring the Interaction of Personality and Persuasion Tactics in Email Phishing Attacks. In: Bagnara, S., Tartaglia, R., Albolino, S., Alexander, T., Fujita, Y. (eds.) Proceedings of the 20th Congress of the International Ergonomics Association (IEA 2018), Advances in Intelligent Systems and Computing, vol. 822, pp. 401–406, Springer International Publishing, Cham (2019), https://doi.org/10.1007/978-3-319-96077-7_42 DOI: https://doi.org/10.1007/978-3-319-96077-7_42

Lupton, D.: Feeling your data: Touch and making sense of personal digital data. New Media & Society 19(10), 1599–1614 (2017), https://doi.org/10.1177/1461444817717515 DOI: https://doi.org/10.1177/1461444817717515

Mitnick Security Consulting LLC: The History of Social Engineering & How to Stay Safe Today (2024), URL https://www.mitnicksecurity.com/the-history-of-social-engineering

Mouton, F., Leenen, L., Venter, H.: Social engineering attack examples, templates and scenarios. Computers & Security 59, 186–209 (2016), https://doi.org/10.1016/j.cose.2016.03.004 DOI: https://doi.org/10.1016/j.cose.2016.03.004

Nash, A., Studiawan, H., Grispos, G., Choo, K.K.R.: Security Analysis of Google Authenticator, Microsoft Authenticator, and Authy. In: Goel, S., Nunes de Souza, P.R. (eds.) Digital Forensics and Cyber Crime, pp. 197–206, Springer Nature Switzerland, Cham (2024), https://doi.org/10.1007/978-3-031-56583-0_13 DOI: https://doi.org/10.1007/978-3-031-56583-0_13

New York University: NYU (2024), URL https://www.nyu.edu

Oleksiuk, V.P.: Yedyna systema avtentyfikatsii yak krok do stvorennia osvitnoho prostoru zahalnoosvitnoho navchalnoho zakladu. Scientific Journal of the Mykhailo Dragomanov Ukrainian State University. Series 2. Computer-oriented learning systems (13 (20)), 188–193 (Feb 2012), URL https://sj.udu.edu.ua/index.php/kosn/article/view/343

Oleksyuk, V.P.: Designing of university cloud infrastructure based on Apache Cloudstack. Information Technologies and Learning Tools 54(4), 153–164 (Sep 2016), https://doi.org/10.33407/itlt.v54i4.1453 DOI: https://doi.org/10.33407/itlt.v54i4.1453

Olivindo, M., Veras, N., Viana, W., Cortés, M., Rocha, L.: Gamifying Flipped Classes: An Experience Report in Software Engineering Remote Teaching. In: Proceedings of the XXXV Brazilian Symposium on Software Engineering, p. 143–152, SBES ’21, Association for Computing Machinery, New York, NY, USA (2021), https://doi.org/10.1145/3474624.3476971 DOI: https://doi.org/10.1145/3474624.3476971

Pilkevych, I.A., Boychenko, O., Lobanchykova, N., Vakaliuk, T.A., Semerikov, S.: Method of Assessing the Influence of Personnel Competence on Institutional Information Security. In: Hovorushchenko, T., Savenko, O., Popov, P.T., Lysenko, S. (eds.) Proceedings of the 2nd International Workshop on Intelligent Information Technologies & Systems of Information Security with CEUR-WS, Khmelnytskyi, Ukraine, March 24-26, 2021, CEUR Workshop Proceedings, vol. 2853, pp. 266–275, CEUR-WS.org (2021), URL https://ceur-ws.org/Vol-2853/paper33.pdf

Platonenko, A.: Techodology of providing functional security for wireless communication systems based on the improvement of the password policies. The dissertation is for the degree of a candidate of technical sciences in specialty 05.13.06 - Information technologies, Institute of Telecommunications and Global Information Space of the National Academy of Sciences of Ukraine, Kyiv (2019), URL https://itgip.org/wp-content/uploads/2019/10/dis-1.pdf

Reed, C.: 30 Social Engineering Statistics – 2023 (2023), URL https://firewalltimes.com/social-engineering-statistics/

Schmitt, M., Flechais, I.: Digital Deception: Generative Artificial Intelligence in Social Engineering and Phishing (2023), URL https://arxiv.org/abs/2310.13715 DOI: https://doi.org/10.2139/ssrn.4602790

Siddiqi, M.A., Pak, W., Siddiqi, M.A.: A Study on the Psychology of Social Engineering-Based Cyberattacks and Existing Countermeasures. Applied Sciences 12(12), 6042 (2022), https://doi.org/10.3390/app12126042 DOI: https://doi.org/10.3390/app12126042

The President and Fellows of Harvard College: Harvard university (2024), URL https://www.harvard.edu

Wang, Z., Zhu, H., Liu, P., Sun, L.: Social engineering in cybersecurity: a domain ontology and knowledge graph application examples. Cybersecurity 4(1), 31 (Aug 2021), https://doi.org/10.1186/s42400-021-00094-6 DOI: https://doi.org/10.1186/s42400-021-00094-6

Wang, Z., Zhu, H., Sun, L.: Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities and Attack Methods. IEEE Access 9, 11895–11910 (2021), https://doi.org/10.1109/ACCESS.2021.3051633 DOI: https://doi.org/10.1109/ACCESS.2021.3051633