Gaining Access with Social Engineering: An Empirical Study of the Threat

Authors:
Michael Workman
Affiliations:
Security Policy Institute, Florida Institute of Technology, Melbourne, FL, USA
Venue:
Information Systems Security
Year:
2007

Citing 11
Cited 12

Discovering and disciplining computer abuse in organizations: a field study

MIS Quarterly
The effect of codes of ethics and personal denial of responsibility on computer abuse judgements and intentions

MIS Quarterly
Coping with systems risk: security planning models for management decision making

MIS Quarterly
The Art of Deception: Controlling the Human Element of Security

The Art of Deception: Controlling the Human Element of Security
Transforming the 'Weakest Link' — a Human/Computer Interaction Approach to Usable and Effective Security

BT Technology Journal
Network Security First-Step

Network Security First-Step
Psychological antecedents of institution-based consumer trust in e-retailing

Information and Management
Privacy and Rationality in Individual Decision Making

IEEE Security and Privacy
Punishment and ethics deterrents: A study of insider security contravention

Journal of the American Society for Information Science and Technology
Corporate Computer and Network Security

Corporate Computer and Network Security
Information systems security and human behaviour

Behaviour & Information Technology

Security lapses and the omission of information security measures: A threat control model and empirical test

Computers in Human Behavior
Goal Setting and Trust in a Security Management Context

Information Security Journal: A Global Perspective
Social Engineering: Hacking the Wetware!

Information Security Journal: A Global Perspective
A field study of corporate employee monitoring: Attitudes, absenteeism, and the moderating influences of procedural justice perceptions

Information and Organization
Effectiveness of Physical, Social and Digital Mechanisms against Laptop Theft in Open Organizations

GREENCOM-CPSCOM '10 Proceedings of the 2010 IEEE/ACM Int'l Conference on Green Computing and Communications & Int'l Conference on Cyber, Physical and Social Computing
Cultural and organisational commitment in the context of e-banking

International Journal of Internet Technology and Secured Transactions
Graphical passwords: Learning from the first twelve years

ACM Computing Surveys (CSUR)
Information systems user security: A structured model of the knowing-doing gap

Computers in Human Behavior
Project Commitment in the Context of Information Security

International Journal of Information Technology Project Management
Social Engineering: The Neglected Human Factor for Information Security Management

Information Resources Management Journal
A Composite Framework for Behavioral Compliance with Information Security Policies

Journal of Organizational and End User Computing
A Composite Framework for Behavioral Compliance with Information Security Policies

Journal of Organizational and End User Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recently, research on information security has expanded from its purely technological orientation into striving to understand and explain the role of human behavior in security breaches. However, an area that has been lacking theory-grounded empirical study is in social engineering attacks. While there exists an extensive body of anecdotal literature, factors that account for attack success remains largely speculative. To better understand this increasing phenomenon, we developed a theoretical framework and conducted an empirical field study to investigate social engineering attacks, and from these results, we make recommendations for practice and further research.