Social engineering refers to the art of using deception and manipulating individuals to gain access to systems or information assets and subsequently compromising these systems and information assets. Information security must provide protection to the confidentiality, integrity, and availability of information. In order to mitigate information security's weakest link, it becomes necessary to understand the ways in which human behavior can be exploited via social engineering. This chapter will seek to analyze the role of social engineering in information security breaches and the factors that contribute to its success. A variety of social engineering attacks, impacts, and mitigations will be discussed. Human factors such as trust, obedience, and fear are easily exploited, thereby allowing social engineers to execute successful attacks. However, with effective countermeasures such as information security awareness training, education, and audit procedures, the impacts of social engineering can be decreased or eliminated altogether.