Rong Rong

Work place: IE Business School, Madrid, Spain



Research Interests: Medicine & Healthcare


Rong Rong is a alumna of IE Business School in Madrid, Spain, where she got the master degree of International Business Management in 2013. She also has a master of philosophy degree in the Chinese University of Hong Kong with the major in Medical Sciences. With a great interest in social psychology, she now works actively in the venture capital investment of Chinese medical industry and social welfare business.

Author Articles
Social Engineering: I-E based Model of Human Weakness for Attack and Defense Investigations

By Wenjun Fan Kevin Lwakatare Rong Rong

DOI:, Pub. Date: 8 Jan. 2017

Social engineering is the attack aimed to manipulate dupe to divulge sensitive information or take actions to help the adversary bypass the secure perimeter in front of the information-related resources so that the attacking goals can be completed. Though there are a number of security tools, such as firewalls and intrusion detection systems which are used to protect machines from being attacked, widely accepted mechanism to prevent dupe from fraud is lacking. However, the human element is often the weakest link of an information security chain, especially, in a human-centered environment. In this paper, we reveal that the human psychological weaknesses result in the main vulnerabilities that can be exploited by social engineering attacks. Also, we capture two essential levels, internal characteristics of human nature and external circumstance influences, to explore the root cause of the human weaknesses. We unveil that the internal characteristics of human nature can be converted into weaknesses by external circumstance influences. So, we propose the I-E based model of human weakness for social engineering investigation. Based on this model, we analyzed the vulnerabilities exploited by different techniques of social engineering, and also, we conclude several defense approaches to fix the human weaknesses. This work can help the security researchers to gain insights into social engineering from a different perspective, and in particular, enhance the current and future research on social engineering defense mechanisms.

[...] Read more.
Other Articles