%0 Journal Article %1 mjs:Frumento:Assessment %A Frumento, Enrico %A Puricelli, Roberto %D 2014 %K ds15 human_factors human_vulnerabilities mjsarticle security_awareness social_engineering %N 2 %P 493-505 %T An innovative and comprehensive framework for Social Driven Vulnerability Assessment %U http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_033_Frumento_Assessment.pdf %V 8 %X Nowadays security attacks greatly rely on the human vulnerabilities, hence is fundamental to include the human factor into corporate risk analysis. However, is it possible to evaluate this risk through a specific type of vulnerability assessments? Since 2010, we have been working on the extension of traditional security as- sessment, going beyond the technology and including the “Social” context. In these years, we assessed several big European enterprises, understanding the impact of these activities on the relations among employees and employer, both from ethical and legal points of view. We developed a innovative methodology for Social Driven Vulnerability Assessments (SDVAs) that we present in this paper beside the early results. As part of their Advanced Threat Protection (ATP) programs, we performed more than 15 SDVAs in big enterprises with a gross number of 12.000 employees; this gave us a first-hand sight on the real vulnerabilities against modern non-conventional security threats. This article appears in the special edition „In Depth Security – Proceedings of the DeepSec Conferences“. Edited by Stefan Schumacher and René Pfeiffer

@article{mjs:Frumento:Assessment, abstract = {Nowadays security attacks greatly rely on the human vulnerabilities, hence is fundamental to include the human factor into corporate risk analysis. However, is it possible to evaluate this risk through a specific type of vulnerability assessments? Since 2010, we have been working on the extension of traditional security as- sessment, going beyond the technology and including the “Social” context. In these years, we assessed several big European enterprises, understanding the impact of these activities on the relations among employees and employer, both from ethical and legal points of view. We developed a innovative methodology for Social Driven Vulnerability Assessments (SDVAs) that we present in this paper beside the early results. As part of their Advanced Threat Protection (ATP) programs, we performed more than 15 SDVAs in big enterprises with a gross number of 12.000 employees; this gave us a first-hand sight on the real vulnerabilities against modern non-conventional security threats. This article appears in the special edition „In Depth Security – Proceedings of the DeepSec Conferences“. Edited by Stefan Schumacher and René Pfeiffer}, added-at = {2021-09-19T18:42:17.000+0200}, author = {Frumento, Enrico and Puricelli, Roberto}, biburl = {https://www.bibsonomy.org/bibtex/2ca102eaac06adcd0361a81e3e9b5e12a/steschum}, interhash = {bc0f8543fdcdae9f48a9c50f71306f2f}, intrahash = {ca102eaac06adcd0361a81e3e9b5e12a}, issn = {2192-4260}, journaltitle = {Magdeburger Journal zur Sicherheitsforschung}, keywords = {ds15 human_factors human_vulnerabilities mjsarticle security_awareness social_engineering}, number = 2, pages = {493-505}, timestamp = {2021-10-22T17:15:30.000+0200}, title = {An innovative and comprehensive framework for Social Driven Vulnerability Assessment}, url = {http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_033_Frumento_Assessment.pdf}, urldate = {2014-12-16}, volume = 8, year = 2014 }