A test of interventions for security threats from social engineering

$58.76 plus tax (Refund Policy)

Buy Article:

Abstract:

Purpose ‐ Recently, the role of human behavior has become a focal point in the study of information security countermeasures. However, few empirical studies have been conducted to test social engineering theory and the reasons why people may or may not fall victim, and even fewer have tested recommended treatments. Building on theory using threat control factors, the purpose of this paper is to compare the efficacy of recommended treatment protocols. Design/methodology/approach ‐ A confirmatory factor analysis of a threat control model was conducted, followed by a randomized assessment of treatment effects using the model. The data were gathered using a questionnaire containing antecedent factors, and samples of social engineering security behaviors were observed. Findings ‐ It was found that threat assessment, commitment, trust, and obedience to authority were strong indicators of social engineering threat success, and that treatment efficacy depends on which factors are most prominent. Originality/value ‐ This empirical study provides evidence for certain posited theoretical factors, but also shows that treatment efficacy for social engineering depends on targeting the appropriate factor. Researchers should investigate methods for factor assessment, and practitioners must develop interventions accordingly.

Keywords: Data security; Risk analysis; Systems analysis

Document Type: Research Article

DOI: http://dx.doi.org/10.1108/09685220810920549

Publication date: November 21, 2008

Related content

Share Content

Access Key

Free Content
Free content
New Content
New content
Open Access Content
Open access content
Subscribed Content
Subscribed content
Free Trial Content
Free trial content
Cookie Policy
X
Cookie Policy
ingentaconnect website makes use of cookies so as to keep track of data that you have filled in. I am Happy with this Find out more