Paper Type
Complete
Abstract
Despite the profound impact of information systems (IS) on organizations, translating insights from academic research into frameworks guiding practice and supporting regulations remains difficult. This study seeks to contribute to the ongoing dialogue on this translation by considering the context of social engineering (SE) attacks, which are among the most persistent threats to organizations with severe potential consequences. Our results show that despite extensive coverage in prior academic research, there seems to be a lack of connection to two major cybersecurity frameworks reviewed (ISO 27032:2023 and NIST SP 800:53, Rev.5). We first synthesized prior literature reviews to evaluate SE attack countermeasures across human-based, technology-based, and hybrid-based themes. Secondly, by mapping these specific countermeasures to those found within these cybersecurity frameworks, we identified key gaps in the frameworks, including essential tools, such as SE landmines, decision models, or honeypots. Our findings provide actionable recommendations for improving SE countermeasure effectiveness in practice.
Paper Number
1136
Recommended Citation
Neumannova, Anita and Bernroider, Edward W.N., "Bridging Research and Standards: A Mapping of Social Engineering Countermeasures" (2025). AMCIS 2025 Proceedings. 3.
https://aisel.aisnet.org/amcis2025/sig_sec/sig_sec/3
Bridging Research and Standards: A Mapping of Social Engineering Countermeasures
Despite the profound impact of information systems (IS) on organizations, translating insights from academic research into frameworks guiding practice and supporting regulations remains difficult. This study seeks to contribute to the ongoing dialogue on this translation by considering the context of social engineering (SE) attacks, which are among the most persistent threats to organizations with severe potential consequences. Our results show that despite extensive coverage in prior academic research, there seems to be a lack of connection to two major cybersecurity frameworks reviewed (ISO 27032:2023 and NIST SP 800:53, Rev.5). We first synthesized prior literature reviews to evaluate SE attack countermeasures across human-based, technology-based, and hybrid-based themes. Secondly, by mapping these specific countermeasures to those found within these cybersecurity frameworks, we identified key gaps in the frameworks, including essential tools, such as SE landmines, decision models, or honeypots. Our findings provide actionable recommendations for improving SE countermeasure effectiveness in practice.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
SIGSEC