{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,8,20]],"date-time":"2024-08-20T13:09:06Z","timestamp":1724159346977},"reference-count":12,"publisher":"IGI Global","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011,7,1]]},"abstract":"

Effective information systems security management combines technological measures and managerial efforts. Although various technical means have been employed to cope with security threats, human factors have been comparatively neglected. This article examines human factors that can lead to social engineering intrusions. Social engineering is a technique used by malicious attackers to gain access to desired information by exploiting the flaws in human logic known as cognitive biases. Social engineering is a potential threat to information security and should be considered equally important to its technological counterparts. This article unveils various social engineering attacks and their leading human factors, and discusses several ways to defend against social engineering: education, training, procedure, and policy. The authors further introduce possible countermeasures for social engineering attacks. Future analysis is also presented.<\/p>","DOI":"10.4018\/irmj.2011070101","type":"journal-article","created":{"date-parts":[[2011,10,19]],"date-time":"2011-10-19T15:59:17Z","timestamp":1319039957000},"page":"1-8","source":"Crossref","is-referenced-by-count":49,"title":["Social Engineering"],"prefix":"10.4018","volume":"24","author":[{"given":"Xin","family":"Luo","sequence":"first","affiliation":[{"name":"The University of New Mexico, USA"}]},{"given":"Richard","family":"Brody","sequence":"additional","affiliation":[{"name":"The University of New Mexico, USA"}]},{"given":"Alessandro","family":"Seazzu","sequence":"additional","affiliation":[{"name":"The University of New Mexico, USA"}]},{"given":"Stephen","family":"Burd","sequence":"additional","affiliation":[{"name":"The University of New Mexico, USA"}]}],"member":"2432","reference":[{"key":"irmj.2011070101-0","author":"M.Allen","year":"2006","journal-title":"Social Engineering: A Means to Violate a Computer System"},{"key":"irmj.2011070101-1","author":"D.Gragg","year":"2003","journal-title":"A Multi-Level Defense Against Social Engineering"},{"key":"irmj.2011070101-2","doi-asserted-by":"publisher","DOI":"10.1037\/1089-2699.6.1.38"},{"key":"irmj.2011070101-3","author":"K.Mitnick","year":"2002","journal-title":"The Art of Deception: Controlling the Human Element of Security"},{"key":"irmj.2011070101-4","doi-asserted-by":"publisher","DOI":"10.1201\/1086.1065898X\/46353.15.4.20060901\/95427.3"},{"key":"irmj.2011070101-5","doi-asserted-by":"publisher","DOI":"10.1037\/0022-3514.82.5.722"},{"key":"irmj.2011070101-6","unstructured":"Rusch, J. (1999). The Social Engineering of Internet Fraud. Paper presented at the INET\u201999 Conference, San Jose, CA."},{"key":"irmj.2011070101-7","doi-asserted-by":"crossref","unstructured":"Thornburgh, T. (2004). Social Engineering: the \u201cdark art\u201d. Paper presented at the 1st Annual Conference on Information Security Curriculum Development, Kennesaw, GA.","DOI":"10.1145\/1059524.1059554"},{"key":"irmj.2011070101-8","author":"M. E.Whitman","year":"2008","journal-title":"Management of Information Security"},{"key":"irmj.2011070101-9","author":"M. E.Whitman","year":"2009","journal-title":"Principles of Information Security"},{"key":"irmj.2011070101-10","doi-asserted-by":"publisher","DOI":"10.1080\/10658980701788165"},{"key":"irmj.2011070101-11","doi-asserted-by":"publisher","DOI":"10.1002\/asi.20779"}],"container-title":["Information Resources Management Journal"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=55064","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,1]],"date-time":"2022-06-01T15:09:17Z","timestamp":1654096157000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/irmj.2011070101"}},"subtitle":["The Neglected Human Factor for Information Security Management"],"short-title":[],"issued":{"date-parts":[[2011,7,1]]},"references-count":12,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2011,7]]}},"URL":"https:\/\/doi.org\/10.4018\/irmj.2011070101","relation":{},"ISSN":["1040-1628","1533-7979"],"issn-type":[{"value":"1040-1628","type":"print"},{"value":"1533-7979","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011,7,1]]}}}