In continuing my research for my dissertation I found that the forensics reconnaissance aspect of it would prove to be very difficult. I would need a lot of data that companies would not be willing to share or are bound by privacy law to not share. So I have to cut out that aspect of my research paper.

Now for the second part. The primary question is how do I salvage social networking attacks. I needed to transform this into a new analysis.

In my research I found a few papers written on what can happen and what they do. However, I noticed that the severity of social engineering attacks are not being seen by as many security administrators as it could be.  I checked a few of the top rankings of threats and the threat of the human factor or social engineering was not in their top ranks. I believe that for the next decade, at least, social engineering will be a top threat that IT security administrators will need to look at.

Therefore, in my new approach to my paper I hope to start by defining the anatomy of a severe attack and then describe how social engineering fits that model.

My thesis will have to be a hypothesis that claims that the severity of social engineering attacks will make these attacks a top threat for IT security administrators for at least the next decade.

The phrasing needs some work but I think I finally have a working thesis that can be applied to my dissertation.

Dissertation