Abstract
Organizational defenses rely on cybersecurity standards grounded in functional logics that provide guidance for structuring security measures, particularly against social engineering (SE) attacks, which remain among the most pervasive cyber threats. Established cybersecurity standards, such as NIST SP 800-53 and ISO/IEC 27032, define how countermeasures operate within a control system but offer less explicit guidance on how they evolve over time and within socio-technical systems. Recent IS research emphasizes temporal and socio-technical logics that explain when and by whom SE countermeasures are enacted. This paper seeks to clarify the conceptual relationships among these three logics and examines their treatment within these two standards in the context of SE attacks. A content mapping analysis shows that while both standards provide strong coverage of preventive and detective technical controls, additional insights are needed to support SE incident coping and post-incident learning, particularly through hybrid socio-technical mechanisms. This multidimensional view complements functional control logic with a temporal and socio-technical perspective, providing more comprehensive insight into how SE incidents are coordinated across actors and over time throughout their lifecycle. We contribute to theory by distinguishing complementary logics of holistic SE countermeasure strategies and to practice by investigating how standards can be extended towards SE defense-in-depth strategies.
Recommended Citation
Neumannova, Anita Khayati and Bernroider, Edward W.N., "Bridging Functional, Temporal, and Socio-Technical Logics of Security Controls: A Mapping Analysis of Social Engineering Countermeasures in NIST SP 800-53 and ISO/IEC 27032" (2026). CONF-IRM 2026 Proceedings. 28.
https://aisel.aisnet.org/confirm2026/28