Social Engineering: The Neglected Human Factor for Information Security Management

Social Engineering: The Neglected Human Factor for Information Security Management

Xin (Robert) Luo (Xin (Robert) LuoThe University of New Mexico, USA), Richard Brody (The University of New Mexico, USA), Alessandro Seazzu (The University of New Mexico, USA) and Stephen Burd (The University of New Mexico, USA)
DOI: 10.4018/978-1-4666-3616-3.ch011

Abstract

Effective information systems security management combines technological measures and managerial efforts. Although various technical means have been employed to cope with security threats, human factors have been comparatively neglected. This article examines human factors that can lead to social engineering intrusions. Social engineering is a technique used by malicious attackers to gain access to desired information by exploiting the flaws in human logic known as cognitive biases. Social engineering is a potential threat to information security and should be considered equally important to its technological counterparts. This article unveils various social engineering attacks and their leading human factors, and discusses several ways to defend against social engineering: education, training, procedure, and policy. The authors further introduce possible countermeasures for social engineering attacks. Future analysis is also presented.
Chapter Preview
Top

Psychological Aspects

Recent research has discovered that there are certain terms and techniques that are associated with SE and go perhaps far beyond technology and more so into human error and social psychology (Peltier, 2006). Three key aspects of social psychology, alternative routes to persuasion (i.e., central route and peripheral route), attitudes and beliefs that affect human interactions, and techniques for persuasion and influence, could help explain the emotional cues for manipulated SE attacks (Peltier, 2006).

Complete Chapter List

Search this Book:
Reset