Abstract
Penetration testing is an increasingly common strategy adopted by organizations to mitigate security risks including those posed by social engineering—the deception of individuals for the purposes of circumventing information security measures. Drawing from 54 interviews with security auditors, IT professionals, and social engineers, this study explores participant descriptions of the (1) importance of social engineering penetration tests, (2) measurement of assessment outcomes, (3) use of penetration tests as part of security awareness programs, and (4) attitude social engineers should adopt in working with client organizations and their employees. Implications for security research and penetration testing are considered.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
