ESTRATÉGIAS DE DEFESA CONTRA ENGENHARIA SOCIAL EM AMBIENTES DE TRABALHO HOME OFFICE

Ronaldo Rodrigues Martins; João Vitor Fonseca Duarte Silva; Eduardo Barros Peine de Oliveira

doi:10.31510/infa.v18i2.1329

Authors

Ronaldo Rodrigues Martins Faculdade de Tecnologia de Catanduva – Catanduva – São Paulo – Brasil https://orcid.org/0000-0001-5827-7043
João Vitor Fonseca Duarte Silva Faculdade de Tecnologia de Catanduva – Catanduva – São Paulo – Brasil https://orcid.org/0000-0002-7882-1576
Eduardo Barros Peine de Oliveira Faculdade de Tecnologia de Catanduva – Catanduva – São Paulo – Brasil https://orcid.org/0000-0001-9123-8628

DOI:

https://doi.org/10.31510/infa.v18i2.1329

Keywords:

Social Enginnering, Information Security, Home Office

Abstract

Defensive information security actions in the corporate environment involve people, physical and technological resources. In this sense, in addition to technologies and tools, policies and procedures must be adopted to guide employees of organizations in their daily work tasks. Parallel to the security scenario, the pandemic caused by the SARS-CoV-2 virus that started in the year 2020, forced several organizations around the world to adopt home office work regimes. Soon this situation made information systems and communication between employees more vulnerable to social engineering attacks because people are outside the physical perimeter of organizations. In short, an updated information security policy shared among the employees of organizations is essential to reduce the chances of suffering cyber-attacks. Given the context, this article aims to present an overview of companies in the city of Catanduva (São Paulo) that have adopted a home office work regime and the knowledge that their employees have in relation to the information security policy in force in their environments. Work. In this sense, we believe that the results of this work can guide information technology managers in conducting their security policies and foster future academic work related to social engineering.

Downloads

Download data is not yet available.

Metrics

Metrics Loading ...

References

ALDAWOOD, H; SKINNER, G. Challenges of Implementing Training and Awareness Programs Targeting Cyber Security Social Engineering, 2019. Cybersecurity and Cyberforensics Conference (CCC), 2019, pp. 111-117. Disponível em http://tiny.cc/x35juz. Acessado em 01/09/2021. DOI: https://doi.org/10.1109/CCC.2019.00004

ALLEN, Malcolm. Social Engineering: A Means to Violate a Computer System. 2001. Disponível em http://tiny.cc/w35juz. Acessado em 19 agosto de 2021.

ASSOCIAÇÃO BRASILEIRA DE NORMAS TÉCNICAS. ABNT NBR ISO/IEC 27002:2013, 2013. Disponível em https://www.abntcatalogo.com.b r. Acessado em 09/11/2021.

CERT. Cartilha de Segurança para Internet. 2012. Disponível em https://cartilha.cert.br/livro/cartilha-seguranca-internet.pdf. Acessado em 19 agosto de 2021.

DASWANI, N; KERN, C; KESAVAN, A. Foundations of Security: What Every Programmer Needs to Know, 2007. Springer-Verlag New York.

FONTES, E. Políticas e Normas para a Segurança da Informação. Rio de Janeiro: Brasport, 2012.

FROEHLICH, C. Benefícios e Desafios do Home Office em Empresas de Tecnologia da Informação, 2020. Disponível em http://tiny.cc/t35juz. Acessado em 20/08/2021.

FURNELL, S.; SHAH, J.N. Home working and cyber security – an outbreak of unpreparedness?. Computer Fraud & Security, 2020, pp 6–12. Disponível em: http://tiny.cc/9j9luz. Acessado em 08/11/2021. DOI: https://doi.org/10.1016/S1361-3723(20)30084-1

GEORGIADOU, A.; MOUZAKITIS, S.; ASKOUNIS, D. Working from home during COVID-19 crisis: a cyber security culture assessment survey. Security Journal, 2021. Disponível em: https://doi.org/10.1057/s41284-021-00286-2. Acessado em 08/11/2021. DOI: https://doi.org/10.1057/s41284-021-00286-2

HADNAGY, C. Social Engineering: The Science of Human Hacking. Indianapolis: WileyPublishingInc, 2011.

INSTITUTO BUTANTAN. Entenda o que é uma pandemia e as diferenças entre surto, epidemia e endemia, 2021. Disponível em http://tiny.cc/o35juz. Acessado em 20/08/2021.

MARCELO A.; Pereira, M. Engenharia Social: hackeando pessoas. Brasport, 2005.

PEIXOTO, Mário C. P. Engenharia Social e Segurança da Informação na Gestão Corporativa. Rio de Janeiro: Brasport, 2006.

SALEEM, J.; HAMMOUDEH, M. Defense Methods Against Social Engineering Attacks, 2018. In: Daimi K. (eds) Computer and Network Security Essentials. Springer, Cham. DOI: https://doi.org/10.1007/978-3-319-58424-9_35

WHO. Origins of the SARS-CoV-2 virus, 2021. Disponível em http://tiny.cc/k35juz. Acessado em 20/08/2021.

XIANGYU, L; QIUYANG, L; CHANDEL, S. Social engineering and insider threats. 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2017, pp. 25-34, doi: 10.1109/CyberC.2017.91. Disponível em http://tiny.cc/i35juz. Acessado em 01/09/2021. DOI: https://doi.org/10.1109/CyberC.2017.91