Author:
Pharris Lily, Perez-Mira Begona
Abstract
Purpose
The purpose of this transcendental phenomenological qualitative research study is to understand the essence of what it is like to be an information systems professional working in the USA while managing and defending against social engineering attacks on an organization. The findings add to the information system (IS) body of literature by uncovering commonly shared attitudes, motivations, experiences and beliefs held by IS professionals who are responsible for protecting their company from social engineering attacks.
Design/methodology/approach
This is a qualitative, transcendental phenomenological study that was developed to gain a deeper understanding about the essence of what it is like to be an IS professional defending a US business against social engineering attacks. This research design is used when sharing the experiences of study participants is more important than presenting the interpretations of the researcher. To target participants from the industries identified as regularly targeted by social engineers, purposive sampling was used in conjunction with the snowball sampling technique to find additional participants until saturation was reached.
Findings
Ten themes emerged from the data analysis: (1) foster a security culture, (2) prevention means education, (3) layered security means better protection, (4) prepare, defend and move on, (5) wide-ranging responsibilities, (6) laying the pipes, (7) all hands on deck, (8) continuous improvement, (9) attacks will never be eliminated and (10) moving pieces makes it harder. The ten themes, together, reveal the essence of the shared experiences of the participants with the phenomenon.
Originality/value
Understanding how to defend an enterprise from social engineering attacks is an international issue with implications for businesses and IS professionals across the world. The findings revealed that to prevent social engineering attacks, all employees – IS and non-IS professionals alike – must be unified in their desire to protect the organization. This means IS professionals and organizational leadership must establish a strong security culture, not only through layered technology and electronic controls but also through open communication between all departments and continuously engaging, training and reinforcing social engineering education, policies, procedures and practices with all employees.
Subject
Management of Technology and Innovation, Information Systems and Management, Computer Networks and Communications, Information Systems, Software, Management Information Systems
Cited by
4 articles.