Digital Special Collection Portal

Information security risk management framework for Social Engineering attack and digital prevention techniques


Shekh Abdullah -Al-Musa Ahmed (2020) Information security risk management framework for Social Engineering attack and digital prevention techniques. Doctoral thesis, Universiti Malaysia Kelantan. (Submitted)


Social Engineering is a domain of study within information security. Social engineering can be any kind of bypass attack on an organization. The attacks may take the form of human-based, computer-based, or mobile-based Social Engineering attacks, and they can cause damage to the organization. A dedicated risk management framework is therefore needed to manage Social Engineering attack risk factors. This research focuses on managing Social Engineering attack risks in the Malaysian environment. A mixed research method, combining quantitative and qualitative methods, was employed to achieve the research objectives. 384 questionnaires were distributed to four Malaysian organizations in the health care, government agency, banking, and education sectors, of which 143 respondents' data were collected for empirical analysis. Semi-structured interviews were conducted on eight organizations to reveal relevant information. Empirical analyses such as assessment of the measurement model and assessment of the structural model were also carried out on the research model. Results show that risk management is needed as a prevention technique against Social Engineering attacks on the organization. The semi-structured interviews on eight Malaysian organizations were also used to find out the importance, practice, difficulties, and effectiveness of Social Engineering attack risk. They showed divergence in the key activities practiced as prevention techniques against Social Engineering attacks, which is why a dedicated risk management framework is needed for the prevention of Social Engineering (SoE) attacks on an organization.
Moreover, framework confirmation through expert judgment also showed that the framework had thoroughly assessed information security risk management as a prevention technique from the Social Engineering attack risk perspective and that it is applicable to Malaysian organizations. Fundamentally, the development of the framework will enable organizations to identify Social Engineering attack risk factors and to address them urgently so that the full benefits of the organization may be reaped.

Additional Metadata

Item Type: UMK Etheses
Collection Type: Thesis
Subjects: Q Science > QA Mathematics > QA76 Computer software
Faculty/Centre/Office: Faculty of Creative Technology and Heritage
Depositing User: Repository Admin
Date Deposited: 04 Jul 2021 01:53
Last Modified: 29 Jun 2022 08:44

The Office of Library and Knowledge Management, Universiti Malaysia Kelantan, 16300 Bachok, Kelantan.
Digital Special Collection (UMK Repository) supports OAI 2.0 with a base URL of