Interpersonal dimensions of information security

Abstract

This dissertation is a qualitative examination of three dimensions related to the phenomenon of social engineering. The first analysis examines the affective experience of engaging in social engineering perpetration. The results of this analysis detail the range and intensity of emotions experienced by social engineers through the course of a social engineering attempt, as well as the way in which the affective experience is mediated through interactions with targets and understandings of self. The second analysis examines how social engineers maintain deceptions across a social engineering attempt. This analysis found that social engineers employ two distinct forms of deception, bluff and stealth, and elucidates how social and technological factors are utilized by social engineers to maintain both these types of deception. The last analysis turns to the targets of social engineering, and examines how these targets engage in deception detection, which may prevent social engineering attempts from being successful. The results of this analysis find that deception detection is characterized as the target being able to detect anomalies in communications and interactions with social engineer. The results explicate the perceptual and cognitive aspects of deception detection, as well as highlight the role of knowledgeable entities, rather than individuals alone, in the accomplishment of deception detection.