Abstract
Due to the value and diversity of data that organizations use and produce in their activity, it is extremely important to protect this asset. Security flaws can arise due to several factors and whenever it is difficult to access the desired information because of technological barriers. In this case, attacks are redirected to the exploitation of human beings vulnerabilities through various techniques. The objective of this work focuses on literature review, studying the underlying theme of Social Engineering, as it uses human trust, convincing someone of something fake, using various interactions and different vectors to gain access to private information. Design Science Research will support the research work due to the possibility of construction, evaluation, and subsequent validation of the artefact. The contribution of a framework proposal for preventing social engineering attacks in organizations and providing the best recommendations, guiding, and supporting the stakeholders in the selection and definition of controls that guarantee the security of organizational information and avoid possible attacks by Social Engineering. It is expected that the practical effects of the future work will result in a reduction in the number of attacks using Social Engineering, greater individual and collective preparation to deal with this problem and, over time, the incentive to the continued expansion of the adoption of these artefacts at the organizational level.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Ada, Ş, Ghaffarzadeh, M.: Decision making based on management information system and decision support system. Eur. Res. 93, 260–269 (2015)
Astakhova, L.: Evaluation assurance levels for human resource security of an information system. Procedia Eng. 129, 635–639 (2015)
Bansla, N., Kunwar, S., Jain, K.: Social engineering: a technique for managing human behavior (2019)
Beckers, K., Pape, S.: A serious game for eliciting social engineering security requirements (2016)
Bianchi, I., Dinis, R.: Governança de TI em universidades públicas: Proposta de um modelo. Instituto Universitário de Lisboa (ISCTE-IUL). http://repositorium.sdum.uminho.pt/handle/1822/39467, Accessed 01 Nov 2021
Breda, F., Barbosa, H., Morais, T.: Social engineering and cyber security (2017)
Brocke, J., Hevner, A., Maedche, A.: Introduction to design science research (2020)
Conteh, N., Schmick, P.: Cybersecurity: risks, vulnerabilities, and countermeasures to prevent social engineering attacks. Int. J. Adv. Comput. Res. 6, 31 (2016)
Diesch, R., Pfaff, M., Krcmar, H.: A comprehensive model of information security factors for decision-makers. Comput. Secur. 92, 101747 (2020)
Farinha, P., Sousa, G.: O Impacto da Consciencialização dos Colaboradores na Segurança da Informação das Organizações. Revista CyberLaw. Edição N.º XI. Março 2021. CIJIC (2021)
Ferreira, I., Ferreira, S., Silva, C., Carvalho, J.: Dilemas iniciais na investigação em TSI design science e design research, uma clarificação de conceitos. In: Proceedings of Conferência Ibérica de Sistemas y Tecnologias de Informação (2012)
Ghafir, I., Prenosil, V., Alhejailan, A., Hammoudeh, M.: Social engineering attack strategies and defence approaches, pp 145–149 (2016)
Ghafir, I., et al.: Security threats to critical infrastructure: the human factor. J. Supercomput. 74(10), 4986–5002 (2018). https://doi.org/10.1007/s11227-018-2337-2
Hevner, A., March, S., Park, J., Ram, S.: Design science in information systems research. MIS Q. 1(28), 75–105 (2004)
Kalniņš, R., Puriņš, J., Alksnis, G.: Security evaluation of wireless network access points. Appl. Comput. Syst. 21, 38–45 (2017)
Lacerda, P., Dresch, A., Proença, A., Antunes, A.: Design Science research: 89 método de pesquisa para a engenharia de produção. Gestão Produção 20(4), 741–761 (2011). https://doi.org/10.1590/S0104-530X2013005000014, Accessed 01 Nov 2021
Lohani, S.: Social engineering: hacking into humans. Int. J. Adv. Stud. Sci. Res. 4(1) (2021). https://ssrn.com/abstract=3329391, Accessed 01 Nov 2021
Lopes, A., Reis, L.: Framework para Avaliação de Ameaças à Segurança de Informação com Recurso a Engenharia Social no contexto Organizacional. In: IFM Conference – Internacional Fórum on Managment (2021)
Lopes, A., Reis, L.: Engenharia Social: Uma ameaça oculta para a Segurança da Informação Organizacional. In Reis, L., et al. (eds.) Temas Emergentes em Ciências Empresariais - Novas abordagens nas áreas científicas da Contabilidade, Finanças, Sistemas de Informação, Metodologias e Práticas Pedagógicas. Edições Sílabo (2022)
Merwe, J., Mouton, F.: Mapping the anatomy of social engineering attacks to the systems engineering life cycle (2017)
Mouton, F., Leenen, L., Venter, H.: Social engineering attack examples, templates and scenarios. Comput. Secur. 2016(59), 186–209 (2016)
Pandey, A.: Phishing and social engineering techniques (2019)
Pedro, S.: Modelação de Processos para as principais áreas de Recursos Humanos. Nova Information Management School (2015)
Peffers, K., Tuunanen, T., Rothenberger, M., Chatterjee, S.: A design science research methodology for information systems research. J. Manag. Inf. Syst. 24, 45–77 (2007)
Pokrovskaia, N.: Social engineering and digital technologies for the security of the social capital development. In: Proceedings of the International Conference of Quality Management, Transport and Information Security, Petersburg, Russia, 24–30 September 2017, pp. 16–19 (2017)
Roquete, M.: Modelo de maturidade para apoio à implementação de uma filosofia de gestão orientada a processos numa organização. Nova Information Management School, Lisboa (2018)
Salahdine, F., Kaabouch, N.: Social engineering attacks: a survey. Fut. Internet 11, 89 (2019)
Stallings, W.: Cryptography and Network Security: Principles and Practice, 7 edn. Pearson Education, Harlow (2017)
Venkatesha, S., Reddy, R., Chandavarkar, R.: social engineering attacks during the COVID-19 pandemic. SN Comput. Sci. 2, 78 (2021). https://doi.org/10.1007/s42979-020-00443-1, Accessed 01 Nov 2021
Van, D., Sjouw, A., Smakman, M., Smit, K.: Social engineering as approach for probing organizations to improve IT security: a case study at a large international firm in the transport industry, pp. 119–126 (2019)
Veiga, A., Astakhova, L., Botha, A., Herselman, M.: Defining organizational information security culture – perspectives from academia and industry. Comput. Secur. 92, 101713 (2020)
Wang, Z., Sun, L., Zhu, H.: Defining social engineering in cybersecurity. IEEE Access 8, 85094 (2021). https://doi.org/10.1109/ACCESS.2020.2992807, Accessed 01 Nov 2021
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Lopes, A., Reis, L., São Mamede, H., Santos, A. (2022). Information Security Threat Assessment Using Social Engineering in the Organizational Context – Literature Review. In: Rocha, A., Adeli, H., Dzemyda, G., Moreira, F. (eds) Information Systems and Technologies. WorldCIST 2022. Lecture Notes in Networks and Systems, vol 469. Springer, Cham. https://doi.org/10.1007/978-3-031-04819-7_24
Download citation
DOI: https://doi.org/10.1007/978-3-031-04819-7_24
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-04818-0
Online ISBN: 978-3-031-04819-7
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)