ABSTRACT

Social engineering, the manipulation and deception of individuals to gain access to otherwise secure systems and information, has become a major vector to compromise the information security of organizations. Little research has explored characteristics associated with organizations vulnerable to social engineering, particularly from the perspective of persons experienced in such deceptions. To address this gap, the current study uses a qualitative, grounded theory-based approach to analyze interviews with both professional and nonprofessional social engineers (n = 37). Results reveals six themes corresponding to traits participants associated with organizations vulnerable to social engineering. These themes concern an organization’s value, structural controls, organizational efficacy, openness, size, and purpose. This study concludes by exploring directions for future research and policy implications.

摘要

社会工程，即操纵和欺骗个人以获取其他安全系统和信息的访问权限，已成为危害组织信息安全的主要载体。很少有研究探讨与易受社会工程影响的组织相关的特征，特别是从经历过此类欺骗的人的角度来看。为了解决这一差距，目前的研究使用了一种定性的、基于理论的方法来分析对专业和非专业社会工程师的采访（n = 37）。结果揭示了与易受社会工程影响的组织相关的特征参与者对应的六个主题。这些主题涉及组织的价值、结构控制、组织效能、开放性、规模和目的。本研究最后探讨了未来研究的方向和政策影响。