Social Engineering
- 1 July 2011
- journal article
- research article
- Published by IGI Global in Information Resources Management Journal
- Vol. 24 (3), 1-8
- https://doi.org/10.4018/irmj.2011070101
Abstract
Effective information systems security management combines technological measures and managerial efforts. Although various technical means have been employed to cope with security threats, human factors have been comparatively neglected. This article examines human factors that can lead to social engineering intrusions. Social engineering is a technique used by malicious attackers to gain access to desired information by exploiting the flaws in human logic known as cognitive biases. Social engineering is a potential threat to information security and should be considered equally important to its technological counterparts. This article unveils various social engineering attacks and their leading human factors, and discusses several ways to defend against social engineering: education, training, procedure, and policy. The authors further introduce possible countermeasures for social engineering attacks. Future analysis is also presented.
This publication has 6 references indexed in Scilit:
- Wisecrackers: A theory-grounded investigation of phishing and pretext social engineering threats to information security. Journal of the American Society for Information Science and Technology, 2007
- Gaining Access with Social Engineering: An Empirical Study of the Threat. Information Systems Security, 2007
- Social Engineering: Concepts and Solutions. Information Systems Security, 2006
- Social engineering. Published by Association for Computing Machinery (ACM), 2004
- Thought confidence as a determinant of persuasion: The self-validation hypothesis. Journal of Personality and Social Psychology, 2002
- Online persuasion: An examination of gender differences in computer-mediated interpersonal influence. Group Dynamics: Theory, Research, and Practice, 2002