Abstract
Millions of people willingly expose their lives via Internet technologies every day, and even those who stay off the Internet find themselves exposed through data breaches. Trillions of private information records flow through the Internet. Marketers gather personal preferences to coerce shopping behavior, while providers gather personal information to provide enhanced services. Few users have considered where their information is going or who has access to it. Even fewer are aware of how decisions made in their own lives expose significant pieces of information, which can be used to harm the very organizations they are affiliated with by cyber attackers. While this threat can affect everyone, upper management provides a significantly higher risk due to their level of access to critical data and finances targeted by cybercrime. Thus, the goal of this work-in-progress research is to develop and validate a means to measure exposure to social engineering of 100 executives from Fortune 500 companies. This work-in-progress study will include a mixed methods approach combining an expert panel using the Delphi method, developmental research, and a quantitative data collection. The expert panel will provide a weighted evaluation instrument, subsequently used to develop an algorithm that will form the basis for a Social Engineering eXposure Index (SEXI) using publicly available personal information found on the Internet on these executives, which will help quantify the exposure of each executive. The collected data will be quantitatively evaluated, analyzed, and presented.
Included in
Information Security Commons, Management Information Systems Commons, Technology and Innovation Commons
Towards a development of a Social Engineering eXposure Index (SEXI) using publicly available personal information
Millions of people willingly expose their lives via Internet technologies every day, and even those who stay off the Internet find themselves exposed through data breaches. Trillions of private information records flow through the Internet. Marketers gather personal preferences to coerce shopping behavior, while providers gather personal information to provide enhanced services. Few users have considered where their information is going or who has access to it. Even fewer are aware of how decisions made in their own lives expose significant pieces of information, which can be used to harm the very organizations they are affiliated with by cyber attackers. While this threat can affect everyone, upper management provides a significantly higher risk due to their level of access to critical data and finances targeted by cybercrime. Thus, the goal of this work-in-progress research is to develop and validate a means to measure exposure to social engineering of 100 executives from Fortune 500 companies. This work-in-progress study will include a mixed methods approach combining an expert panel using the Delphi method, developmental research, and a quantitative data collection. The expert panel will provide a weighted evaluation instrument, subsequently used to develop an algorithm that will form the basis for a Social Engineering eXposure Index (SEXI) using publicly available personal information found on the Internet on these executives, which will help quantify the exposure of each executive. The collected data will be quantitatively evaluated, analyzed, and presented.
Comments
Official submission to journal and proceedings.