Thursday 24 October 2019

Solutions for counteracting human deception in social engineering attacks

an article by Curtis C. Campbell (University of Phoenix, Tempe, Arizona, USA) published in Information Technology & People Volume 32 Issue 5 (2019)

Abstract

Purpose
The purpose of this paper is to investigate the top three cybersecurity issues in organizations related to social engineering and aggregate solutions for counteracting human deception in social engineering attacks.

Design/methodology/approach
A total of 20 experts within Information System Security Association participated in a three-round Delphi study for aggregating and condensing expert opinions. Three rounds moved participants toward consensus for solutions to counteract social engineering attacks in organizations.

Findings
Three significant issues: compromised data; ineffective practices; and lack of ongoing education produced three target areas for implementing best practices in countering social engineering attacks. The findings offer counteractions by including education, policies, processes and continuous training in security practices.

Research limitations/implications
Study limitations include lack of prior data on effective social engineering defense. Research implications stem from the psychology of human deception and trust with the ability to detect deception.

Practical implications
Practical implications relate to human judgment in complying with effective security policies and programs and consistent education and training. Future research may include exploring financial, operational and educational costs of implementing social engineering solutions.

Social implications
Social implications apply across all knowledge workers who benefit from technology and are trusted to protect organizational assets and intellectual property.

Originality/value
This study contributes to the field of cybersecurity with a focus on trust and human deception to investigate solutions to counter social engineering attacks. This paper adds to under-represented cybersecurity research regarding effective implementation for social engineering defense.



