A Taxonomy of Social Engineering Defense Mechanisms

“…Hence, social engineers aim to exploit the weakest link in a security structure by manipulating individuals and organizations to divulge valuable and sensitive data [1]. Social engineering attacks use many different techniques including, but not limited to, Business Email Compromise (BEC) and phishing in all its variations such as vishing (by voice), smishing (by SMS) and pharming (via malicious code) [2] [3]. According to [4], successful social engineering has an overwhelming negative impact on an organization such as data losses, financial losses, lowered employee morale and decreased customer loyalty.…”

“…To achieve (1) and (2), the authors designed, distributed, and analyzed a survey to investigate the incorporation level of SE-IPs in organizations. Then, considering the survey results as well previous work [2] [10], the paper developed a proposed model of SE-IPs that organizations can adopt.…”

“…To achieve (1) and (2), the authors designed, distributed, and analyzed a survey to investigate the incorporation level of SE-IPs in organizations. Then, considering the survey results as well previous work [2] [10], the paper developed a proposed model of SE-IPs that organizations can adopt. To summarize, the key contributions of this research are questionnaire to measure SE-IPs incorporation level in an organization, a customizable proposed model of formal SE-IPs that organizations can adopt, data analysis of 1523 responses from employees in various employment sectors, and available online dataset for researchers and practitioners in the field of cybersecurity to replicate or extend the work.…”

“…The authors earlier paper presented a taxonomy of the main target points of social engineers within organizations, which are people (employees), data, hardware, software, and networks [2]. The paper addressed the defense mechanisms for each of these target points as shown in Figure 1.…”

“…In light of [2] the authors conducted an experimental study which involved 791 participants, to measure employees' awareness of social engineering defense mechanisms [10]. That study revealed that only 47.5% of participants are aware of such mechanisms.…”

Social Engineering Infosec Policies (SE-IPS)

“…Hence, social engineers aim to exploit the weakest link in a security structure by manipulating individuals and organizations to divulge valuable and sensitive data [1]. Social engineering attacks use many different techniques including, but not limited to, Business Email Compromise (BEC) and phishing in all its variations such as vishing (by voice), smishing (by SMS) and pharming (via malicious code) [2] [3]. According to [4], successful social engineering has an overwhelming negative impact on an organization such as data losses, financial losses, lowered employee morale and decreased customer loyalty.…”

“…To achieve (1) and (2), the authors designed, distributed, and analyzed a survey to investigate the incorporation level of SE-IPs in organizations. Then, considering the survey results as well previous work [2] [10], the paper developed a proposed model of SE-IPs that organizations can adopt.…”

“…To achieve (1) and (2), the authors designed, distributed, and analyzed a survey to investigate the incorporation level of SE-IPs in organizations. Then, considering the survey results as well previous work [2] [10], the paper developed a proposed model of SE-IPs that organizations can adopt. To summarize, the key contributions of this research are questionnaire to measure SE-IPs incorporation level in an organization, a customizable proposed model of formal SE-IPs that organizations can adopt, data analysis of 1523 responses from employees in various employment sectors, and available online dataset for researchers and practitioners in the field of cybersecurity to replicate or extend the work.…”

“…The authors earlier paper presented a taxonomy of the main target points of social engineers within organizations, which are people (employees), data, hardware, software, and networks [2]. The paper addressed the defense mechanisms for each of these target points as shown in Figure 1.…”

“…In light of [2] the authors conducted an experimental study which involved 791 participants, to measure employees' awareness of social engineering defense mechanisms [10]. That study revealed that only 47.5% of participants are aware of such mechanisms.…”

Social Engineering Infosec Policies (SE-IPS)

Enhanced social engineering framework mitigating against social engineering attacks in higher education

Social Engineering Defense Mechanisms: A Taxonomy and a Survey of Employees’ Awareness Level