Search results

1 – 10 of over 73000
To view the access options for this content please click here
Article
Publication date: 10 August 2018

Curtis C. Campbell

The purpose of this paper is to investigate the top three cybersecurity issues in organizations related to social engineering and aggregate solutions for counteracting…

Abstract

Purpose

The purpose of this paper is to investigate the top three cybersecurity issues in organizations related to social engineering and aggregate solutions for counteracting human deception in social engineering attacks.

Design/methodology/approach

A total of 20 experts within Information System Security Association participated in a three-round Delphi study for aggregating and condensing expert opinions. Three rounds moved participants toward consensus for solutions to counteract social engineering attacks in organizations.

Findings

Three significant issues: compromised data; ineffective practices; and lack of ongoing education produced three target areas for implementing best practices in countering social engineering attacks. The findings offer counteractions by including education, policies, processes and continuous training in security practices.

Research limitations/implications

Study limitations include lack of prior data on effective social engineering defense. Research implications stem from the psychology of human deception and trust with the ability to detect deception.

Practical implications

Practical implications relate to human judgment in complying with effective security policies and programs and consistent education and training. Future research may include exploring financial, operational and educational costs of implementing social engineering solutions.

Social implications

Social implications apply across all knowledge workers who benefit from technology and are trusted to protect organizational assets and intellectual property.

Originality/value

This study contributes to the field of cybersecurity with a focus on trust and human deception to investigate solutions to counter social engineering attacks. This paper adds to under-represented cybersecurity research regarding effective implementation for social engineering defense.

Details

Information Technology & People, vol. 32 no. 5
Type: Research Article
ISSN: 0959-3845

Keywords

To view the access options for this content please click here
Article
Publication date: 19 October 2012

Richard G. Brody, William B. Brizzee and Lewis Cano

One of the key components to fraud prevention is strong internal controls. However, the greatest threat to an organization's information security is the manipulation of…

Abstract

Purpose

One of the key components to fraud prevention is strong internal controls. However, the greatest threat to an organization's information security is the manipulation of employees who are too often the victims of ploys and techniques used by slick con men known as social engineers. The purpose of this paper is to help prevent future incidents by increasing the awareness of social engineering attacks.

Design/methodology/approach

A review of the more common social engineering techniques is provided. Emphasis is placed on the fact that it is very easy for someone to become a victim of a social engineer.

Findings

While many organizations recognize the importance and value of having strong internal controls, many fail to recognize the dangers associated with social engineering attacks.

Practical implications

Individuals and organizations remain vulnerable to social engineering attacks. The focus on internal controls is simply not enough and is not likely to prevent these attacks. Raising awareness is a good first step to addressing this significant and potentially dangerous problem.

Originality/value

This paper provides a concise summary of the most common social engineering techniques. It provides additional evidence that individuals need to better understand their susceptibility to becoming a victim of a social engineer as victims may expose their organizations to very significant harm.

Details

International Journal of Accounting & Information Management, vol. 20 no. 4
Type: Research Article
ISSN: 1834-7649

Keywords

To view the access options for this content please click here
Article
Publication date: 30 September 2014

Ann-Marie Kennedy and Andrew Parsons

The aim of this article is to explore how social engineering and social marketing are connected, and how social marketing is a tool used to achieve adherence to social

Abstract

Purpose

The aim of this article is to explore how social engineering and social marketing are connected, and how social marketing is a tool used to achieve adherence to social engineering.

Design/methodology/approach

Through examination of contemporary and historical thinking around social marketing, we present a conceptual argument that social marketing is another tool of the social engineer, and that social engineering, through methods such as social marketing, is pervasive throughout all societies in positive ways.

Findings

We develop a conceptual model of social engineering and social marketing, which goes beyond behaviour change to incorporate the essentials of society and the influencers of those essentials. In doing so, we show that social marketing influenced behaviour lies within the social engineering influenced laws, codes and norms of society, which in turn lie within the morals, values and beliefs of society.

Originality/value

This article provides for the first time a conceptual grounding of social marketing within social engineering, enabling academics and practitioners to contextualise social marketing activities in a broader societal framework.

Details

Journal of Social Marketing, vol. 4 no. 3
Type: Research Article
ISSN: 2042-6763

Keywords

To view the access options for this content please click here
Article
Publication date: 8 June 2015

– To explore the distinctions between social marketing and social engineering.

Abstract

Purpose

To explore the distinctions between social marketing and social engineering.

Design/methodology/approach

Evaluates alternative definitions proposed in the theoretical literature. Gives examples of the use of social engineering by democratic governments, contrasting this with the use by totalitarian regimes of a process of social fabrication, social engineering and social marketing in the form of propaganda.

Findings

The consequences of some individual behaviors don’t just affect that one person. When a widespread individual behavior has a social impact then society – typically the government – has to decide if the impact is bad enough to justify doing something about it. That can mean legislation, but is also likely to use marketing methods such as publicity campaigns to influence behavior. This kind of social marketing is generally seen as a “good thing”. Strange, perhaps, when people usually describe social engineering as a “bad thing”.

Practical implications

Concludes that when the public is fully aware of the links between social marketing and social engineering, people will be better able to appreciate the extent to which their behavior is being influenced.

Social implications

Argues that marketers have an obligation to assess whether social marketing campaigns in which they participate are consistent with the norms and values of their society.

Originality/value

Describes social engineering as a normal part of the business of government – whether totalitarian or democratically elected.

Details

Strategic Direction, vol. 31 no. 7
Type: Research Article
ISSN: 0258-0543

Keywords

To view the access options for this content please click here
Article
Publication date: 12 June 2017

Peter Schaab, Kristian Beckers and Sebastian Pape

This paper aims to outline strategies for defence against social engineering that are missing in the current best practices of information technology (IT) security. Reason…

Abstract

Purpose

This paper aims to outline strategies for defence against social engineering that are missing in the current best practices of information technology (IT) security. Reason for the incomplete training techniques in IT security is the interdisciplinary of the field. Social engineering is focusing on exploiting human behaviour, and this is not sufficiently addressed in IT security. Instead, most defence strategies are devised by IT security experts with a background in information systems rather than human behaviour. The authors aim to outline this gap and point out strategies to fill the gaps.

Design/methodology/approach

The authors conducted a literature review from viewpoint IT security and viewpoint of social psychology. In addition, they mapped the results to outline gaps and analysed how these gaps could be filled using established methods from social psychology and discussed the findings.

Findings

The authors analysed gaps in social engineering defences and mapped them to underlying psychological principles of social engineering attacks, for example, social proof. Furthermore, the authors discuss which type of countermeasure proposed in social psychology should be applied to counteract which principle. The authors derived two training strategies from these results that go beyond the state-of-the-art trainings in IT security and allow security professionals to raise companies’ bars against social engineering attacks.

Originality/value

The training strategies outline how interdisciplinary research between computer science and social psychology can lead to a more complete defence against social engineering by providing reference points for researchers and IT security professionals with advice on how to improve training.

Details

Information & Computer Security, vol. 25 no. 2
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article
Publication date: 21 November 2008

Michael Workman

Recently, the role of human behavior has become a focal point in the study of information security countermeasures. However, few empirical studies have been conducted to…

Abstract

Purpose

Recently, the role of human behavior has become a focal point in the study of information security countermeasures. However, few empirical studies have been conducted to test social engineering theory and the reasons why people may or may not fall victim, and even fewer have tested recommended treatments. Building on theory using threat control factors, the purpose of this paper is to compare the efficacy of recommended treatment protocols.

Design/methodology/approach

A confirmatory factor analysis of a threat control model was conducted, followed by a randomized assessment of treatment effects using the model. The data were gathered using a questionnaire containing antecedent factors, and samples of social engineering security behaviors were observed.

Findings

It was found that threat assessment, commitment, trust, and obedience to authority were strong indicators of social engineering threat success, and that treatment efficacy depends on which factors are most prominent.

Originality/value

This empirical study provides evidence for certain posited theoretical factors, but also shows that treatment efficacy for social engineering depends on targeting the appropriate factor. Researchers should investigate methods for factor assessment, and practitioners must develop interventions accordingly.

Details

Information Management & Computer Security, vol. 16 no. 5
Type: Research Article
ISSN: 0968-5227

Keywords

To view the access options for this content please click here
Article
Publication date: 7 September 2015

Karin Edvardsson Björnberg, Inga-Britt Skogh and Emma Strömberg

The purpose of this paper is to investigate what are perceived to be the main challenges associated with the integration of social sustainability into engineering

Abstract

Purpose

The purpose of this paper is to investigate what are perceived to be the main challenges associated with the integration of social sustainability into engineering education at the KTH Royal Institute of Technology, Stockholm.

Design/methodology/approach

Semi-structured interviews were conducted with programme leaders and teachers from four engineering programmes. The paper focuses on how the concept of social sustainability is defined and operationalised in the selected engineering programmes, how social sustainability is integrated and taught, and what resources are required to support teachers and programme leaders as social sustainability educators.

Findings

The findings show that programme leaders and teachers at KTH struggle to understand the concept of social sustainability. The vague and value-laden nature of the concept is considered a challenge when operationalising educational policy goals on social sustainability into effective learning outcomes and activities. A consequence is that the responsibility for lesson content ultimately falls on the individual teacher. Study visits and role-play are seen as the most effective tools when integrating social sustainability into the engineering curriculum. Allocation of specific resources including supplementary sustainability training for teachers and economic incentives are considered crucial to successful integration of social sustainability. The findings indicate that social sustainability education needs to be built on a theoretical foundation. It is therefore suggested that a literature canon be established that clarifies the contours of social sustainability.

Practical implications

The findings of the paper can be used as a basis for discussion regarding measures for improving social sustainability training in engineering education, a subject which has attracted relatively little attention, to date.

Originality/value

There is a noticeable lack of empirical research on how technical universities integrate social sustainability into engineering education. The paper provides an account of how actors directly involved in this work – programme leaders and teachers – define and operationalise the social dimension of sustainable development in their engineering curricula, the pedagogical tools they consider effective when teaching social sustainability issues to engineering students, and the resources they believe are needed to strengthen those efforts.

Details

International Journal of Sustainability in Higher Education, vol. 16 no. 5
Type: Research Article
ISSN: 1467-6370

Keywords

To view the access options for this content please click here
Article
Publication date: 8 April 2021

Ernesto Ferreira Vasconcellos, Bernardo Henrique Leso and Marcelo Nogueira Cortimiglia

This paper aims to identify challenges and opportunities for social enterprises (SE) in civil engineering in Brazil.

Abstract

Purpose

This paper aims to identify challenges and opportunities for social enterprises (SE) in civil engineering in Brazil.

Design/methodology/approach

Starting from the transformative social innovation theory and inspired by grounded theory principles, this paper conducts three-stage exploratory research. First, this paper mapped the Brazilian SE civil engineering ecosystem. Next, this paper classified the SE initiatives along with an organizing framework. Finally, this paper conducted 11 interviews with key ecosystem actors and analyzed data through iterative, parallel and interrelated content analysis procedures.

Findings

The 37 SE found were classified along “Sustainability,” “Housing,” “Transportation” and “Sanitation” pillars, which are aligned with the United Nations’ social development goals. This paper found 50 challenges and opportunities, which were aggregated along seven dimensions. Three elements are particularly relevant as opportunities: opportunities for SE with ecosystem supporters, specialized investors and partnership with major companies; while government and early investment are the most relevant challenges.

Research limitations/implications

Research findings and conclusions cannot be extended to other sectors and countries. Usual limitations associated with exploratory qualitative research must also be highlighted.

Practical implications

The government should offer financial and technical support for civil engineering in working in partnership with ecosystem supporters. Academy could use SE content and ecosystem for its students and should offer diverse resources for network creation.

Originality/value

Focusing on civil engineering SE in Brazil, this study sheds light on a high-impact sector that has not been studied yet.

Details

International Journal of Organizational Analysis, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1934-8835

Keywords

To view the access options for this content please click here
Article
Publication date: 10 February 2012

Ann‐Marie Kennedy and Andrew Parsons

The purpose of this paper is to show how macro‐social marketing and social engineering can be integrated and to illustrate their use by governments as part of a positive…

Abstract

Purpose

The purpose of this paper is to show how macro‐social marketing and social engineering can be integrated and to illustrate their use by governments as part of a positive social engineering intervention with examples from the Canadian anti‐smoking campaign.

Design/methodology/approach

This is a conceptual paper that uses the case of the Canadian anti‐smoking campaign to show that macro‐social marketing, as part of a wider systems approach, is a positive social engineering intervention.

Findings

The use of macro‐social marketing by governments is most effective when it is coupled with other interventions such as regulations, legislation, taxation, community mobilization, research, funding and education. When a government takes a systems approach to societal change, such as with the Canadian anti‐smoking campaign, this is positive use of social engineering.

Research limitations/implications

The social marketer can understand their role within the system and appreciate that they are potentially part of precipitating circumstances that make society susceptible to change. Social marketers further have a role in creating societal motivation to change, as well as promoting social flexibility, creating desirable images of change, attitudinal change and developing individual's skills, which contribute to macro‐level change.

Practical implications

Social marketers need to understand the structural and environmental factors contributing to the problem behavior and focus on the implementers and controllers of society‐wide strategic interventions.

Social implications

Eliminating all factors which enable problem behaviors creates an environmental context where it is easy for consumers to change behavior and maintain that change.

Originality/value

The value of this paper is in extending the literature on macro‐social marketing by governments and identifying the broader strategy they may be undertaking using positive social engineering. It is also in showing how marketers may use this information.

Details

Journal of Social Marketing, vol. 2 no. 1
Type: Research Article
ISSN: 2042-6763

Keywords

To view the access options for this content please click here
Book part
Publication date: 1 October 2008

Karen L. Tonso

Who can make claims “to know?” This chapter argues that there are distinct sets of understandings in social science versus STEM fields, and that STEM education research…

Abstract

Who can make claims “to know?” This chapter argues that there are distinct sets of understandings in social science versus STEM fields, and that STEM education research can benefit from interdisciplinarity, instead of being disciplinary (principally the purview of STEM insiders). The concept “gender” proves illustrative. Among many social science scholars, gender is understood as a complex social construction: contingent, contextual, contested ways that masculinities and femininities are embodied, enacted, and differentiated in everyday social life – as compared to simple, dichotomous male–female comparisons. Comparing social science and STEM conceptualizations of gender leads to three conclusions. First, empirical research with more forward-looking conceptualizations demonstrate that outdated underpinnings in STEM research overlook important issues, such as seeking solutions within individuals (especially students) instead of in the educational community or STEM culture. Second, since the frontier of social science keeps moving, and STEM insiders’ appreciations will necessarily lag new understandings, STEM-insider research might unfortunately be outdated from inception. Thirdly, the chapter concludes that collaborations between/among STEM and social science scholars have greater potential for research with explanatory power, research able to contribute better understandings of and solutions for dilemmas of STEM education.

Details

Integrating the Sciences and Society: Challenges, Practices, and Potentials
Type: Book
ISBN: 978-1-84855-299-9

1 – 10 of over 73000