Social Engineering: The Neglected Human Factor for Information Security Management

Social Engineering: The Neglected Human Factor for Information Security Management

Xin Luo (The University of New Mexico, USA), Richard Brody (The University of New Mexico, USA), Alessandro Seazzu (The University of New Mexico, USA) and Stephen Burd (The University of New Mexico, USA)
Copyright: © 2011 |Pages: 8
DOI: 10.4018/irmj.2011070101
OnDemand PDF Download:
$37.50

Abstract

Effective information systems security management combines technological measures and managerial efforts. Although various technical means have been employed to cope with security threats, human factors have been comparatively neglected. This article examines human factors that can lead to social engineering intrusions. Social engineering is a technique used by malicious attackers to gain access to desired information by exploiting the flaws in human logic known as cognitive biases. Social engineering is a potential threat to information security and should be considered equally important to its technological counterparts. This article unveils various social engineering attacks and their leading human factors, and discusses several ways to defend against social engineering: education, training, procedure, and policy. The authors further introduce possible countermeasures for social engineering attacks. Future analysis is also presented.
Article Preview

Psychological Aspects

Recent research has discovered that there are certain terms and techniques that are associated with SE and go perhaps far beyond technology and more so into human error and social psychology (Peltier, 2006). Three key aspects of social psychology, alternative routes to persuasion (i.e., central route and peripheral route), attitudes and beliefs that affect human interactions, and techniques for persuasion and influence, could help explain the emotional cues for manipulated SE attacks (Peltier, 2006).

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 30: 4 Issues (2017)
Volume 29: 4 Issues (2016)
Volume 28: 4 Issues (2015)
Volume 27: 4 Issues (2014)
Volume 26: 4 Issues (2013)
Volume 25: 4 Issues (2012)
Volume 24: 4 Issues (2011)
Volume 23: 4 Issues (2010)
Volume 22: 4 Issues (2009)
Volume 21: 4 Issues (2008)
Volume 20: 4 Issues (2007)
Volume 19: 4 Issues (2006)
Volume 18: 4 Issues (2005)
Volume 17: 4 Issues (2004)
Volume 16: 4 Issues (2003)
Volume 15: 4 Issues (2002)
Volume 14: 4 Issues (2001)
Volume 13: 4 Issues (2000)
Volume 12: 4 Issues (1999)
Volume 11: 4 Issues (1998)
Volume 10: 4 Issues (1997)
Volume 9: 4 Issues (1996)
Volume 8: 4 Issues (1995)
Volume 7: 4 Issues (1994)
Volume 6: 4 Issues (1993)
Volume 5: 4 Issues (1992)
Volume 4: 4 Issues (1991)
Volume 3: 4 Issues (1990)
Volume 2: 4 Issues (1989)
Volume 1: 1 Issue (1988)
View Complete Journal Contents Listing