Implementación de un Marco de Referencia contra ataques de ingeniería social mediante el uso de las Open Source Intelligence (OSINT)

Abstract

Abstract:This research implements a Reference Framework against engineering attacks through the use of Open Source Intelligence (OSINT), in order to mitigate risks for the violation of confidential information. Its objective is to determine the level of security, a SWOT analysis was carried out, which revealed that there is a high compliance in physical security by not allowing access to unauthorized persons, they use a security program antivirus protection and restricted use of social networks; in its weaknesses it was obtained that do not have individual protection in files or confidential information, do not change their password regularly and there is little staff training on hacking attacks social engineering; Among the risks, the vulnerability of computer systems was identified, theft of information for personal purposes or to harm the company. The model is used Social Engineering Attack Framework, proposed by authors Mouton, Leenen, Malan and Venter (2014) where he divides social engineering into two directions: a) direct attacks and indirect: where two or more people are involved, it is divided into bidirectional (impersonation) and one-way (mail or SMS) and b) addresses the deficiencies of the cycle engineering attack. It is concluded that the application of OSINT serves as a tool in the area of ​​cybersecurity, its use allows to identify the violation of confidential information and mitigate risks.