Mapping the Intellectual Structure of the Social Engineering: a Co-citation and Bibliographic Coupling Study.

Article Sidebar

PDF (Español (España))
Published: Mar 29, 2023
DOI: https://doi.org/10.31095/investigatio.2023.20.10

Main Article Content

CRISTIAN NAVAS CAJAMARCA
a:1:{s:5:"es_ES";s:10:"0301543591";}
Saulo David Pérez Puchi

Abstract

This article’s objective is to map the intellectual structure of the Social Engineering Behavior (IS) based on the bibliometric analysis of co-citation (knowledge base) and bibliographic coupling (research front). This research presents the conceptualization of IS, social engineering in computing, safety suitability analysis, IS attack classification taxonomy and Psychological principles of IS applied to information technologies; a total of 62 Web of science research articles from the last two decades were analyzed. In the knowledge base, the analysis found co-citation articles related mainly to the training about defensive methods framework or mechanisms of work for the awareness and prevention of the IS attacks and human behavior activities. Regarding the research front, the analysis shows us a clear tendency to the methods focused mainly on the mechanisms of work for the awareness and prevention of the IS attacks, training about defensive methods in human behavioral activities. The findings are similar to the knowledge base. Future inquiries are proposed in order to make an analysis again about co-citation and compare with the results of our work for establishing any variation since the scientific knowledge increases through the time.

Downloads

Download data is not yet available.

Article Details

How to Cite
NAVAS CAJAMARCA, C., & Pérez Puchi, S. D. . (2023). Mapping the Intellectual Structure of the Social Engineering: a Co-citation and Bibliographic Coupling Study. INVESTIGATIO, 1(20). https://doi.org/10.31095/investigatio.2023.20.10
Issue
No. 20 (2023): Num. 20 (2023)
Section
Artículos
Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

INVESTIGATIO es de acceso abierto y el contenido está disponible de manera gratuita a través de su sitio web: http://revistas.uees.edu.ec/index.php/IRR/.

Para reforzar nuestra política de acceso abierto, la revista INVESTIGATIO se publica bajo una licencia Creative Commons Reconocimiento-No Comercial 4.0 Internacional (CC-BY-NC 4.0), la cual permite compartir (copiar y redistribuir el material en cualquier medio o formato) y adaptar (remezclar, transformar y crear a partir del material), bajo la condición de que se den los créditos correspondientes y no se haga uso comercial de los materiales.

References

Airehrour, D. (2018). Social Engineering Attacks and Countermeasures in the New Zealand Banking System : Advancing a User-Reflective Mitigation Model. https://doi.org/10.3390/info9050110

Aldawood, H., & Skinner, G. (2019). Reviewing Cyber Security Social Engineering Training and Awareness Programs — Pitfalls and Ongoing Issues. https://doi.org/10.3390/fi11030073

Applegate, S. D. (2009). Social engineering: Hacking the wetware! Information Security Journal, 18(1), 40–46. https://doi.org/10.1080/19393550802623214

Aria, M., & Cuccurullo, C. (2017). bibliometrix: An R-tool for comprehensive science mapping analysis. Journal of Informetrics, 11(4), 959–975. https://doi.org/10.1016/j.joi.2017.08.007

Basri, W., Ismail, W., Yusof, M., & Science, I. (2018). Mitigation Strategies for Unintentional Insider Threats on Information Leaks. 12(1), 37–46.

Bull, J. H., Montoya, L., Pieters, W., Junger, M., & Hartel, P. H. (2015). The persuasion and security awareness experiment : reducing the success of social engineering attacks. https://doi.org/10.1007/s11292-014-9222-7

Bullée, J. H., Montoya, L., Junger, M., & Hartel, P. (2017). On the anatomy of social engineering attacks — A literature-based dissection of successful attacks. October 2015, 1–26. https://doi.org/10.1002/jip.1482

Buyya, R., Shin, C., Venugopal, S., Broberg, J., & Brandic, I. (2009). Cloud computing and emerging IT platforms : Vision , hype , and reality for delivering computing as the 5th utility. Future Generation Computer Systems, 25(6), 599–616. https://doi.org/10.1016/j.future.2008.12.001

Catota, F. E., Granger Morgan, M., & Sicker, D. C. (2018). Cybersecurity incident response capabilities in the Ecuadorian financial sector. Journal of Cybersecurity, 4(1), 1–20. https://doi.org/10.1093/cybsec/tyy002

Catota, F. E., Granger Morgan, M., & Sicker, D. C. (2019). Cybersecurity education in a developing nation: The Ecuadorian environment. Journal of Cybersecurity, 5(1), 1–19. https://doi.org/10.1093/cybsec/tyz001

Cotteleer, M., & Sniderman, B. (2017). Forces of change: Industry 4.0. Deloitte Insights, 1–20. https://doi.org/10.1007/s11947-009-0181-3

Curtis, S. R., Rajivan, P., Jones, D. N., & Gonzalez, C. (2018). Phishing attempts among the dark triad: Patterns of attack and vulnerability. In Computers in Human Behavior (Vol. 87). Elsevier Ltd. https://doi.org/10.1016/j.chb.2018.05.037

D, J. M. H. P. (2017). Social engineering in cybersecurity: the evolution of a concept. Computers & Security. https://doi.org/10.1016/j.cose.2017.10.008

Deloitte. (2018). Ciberseguridad Encuesta 2018 sobre tendencias de Cyber Riesgos y Seguridad de la Información Ecuador. https://www2.deloitte.com/content/dam/Deloitte/ec/Documents/risk/Deloitte 2018 Cyber Risk Information Security Study - Ecuador vF.pdf

El Telégrafo. (2016). En Ecuador, el 85% de los delitos informáticos ocurre por descuido del usuario. https://www.eltelegrafo.com.ec/noticias/judicial/1/en-ecuador-el-85-de-los-delitos-informaticos-ocurre-por-descuido-del-usuario

FECYT. (2001). Recursos Científicos. Recursos Científicos. https://www.fecyt.es/es/recurso/recursos-cientificos

Fiscalía General del Estado. (2015). Los delitos informáticos van desde el fraude hasta el espionaje. https://www.fiscalia.gob.ec/los-delitos-informaticos-van-desde-el-fraude-hasta-el-espionaje/

Grazioli, S. (2004). Where did they go wrong? An analysis of the failure of knowledgeable Internet consumers to detect deception over the internet. Group Decision and Negotiation, 13(2), 149–172. https://doi.org/10.1023/B:GRUP.0000021839.04093.5d

Heartfield, R., & Loukas, G. (2018). Detecting semantic social engineering attacks with the weakest link : Implementation and empirical evaluation of a human-as-a-security-sensor framework. Computers & Security. https://doi.org/10.1016/j.cose.2018.02.020

Hjørland, B. (2010). Letter to the Editor: Answer to Professor Szostak (concept theory). Journal of the American Society for Information Science & Technology, 61(5), 1078–1079. https://doi.org/10.1002/asi

Instituto Nacional de Estadística y Censos INEC. (2015). Resumen Ejecutivo. Módulo de Tecnologías de La Información y La Comunicación - TIC de Las Encuestas de Manufactura y Minería, Comercio Interno y Servicios 2015, 1–12.

Ivaturi, K., & Janczewski, L. (2014). Journal of Global Information Social Engineering Preparedness of Online Banks : An Asia-Pacific Perspective. December. https://doi.org/10.1080/1097198X.2013.10845647

Jagatic, B. T. N., Johnson, N. A., & Jakobsson, M. (2007). Social Phisihing. 50(10).

Kevin D. Mitnick, William L. Simon, S. W. (2003). THE ART OF DECEPTION: Controlling the human element of security (1st ed.). Wiley Publishing, Inc. https://doi.org/112147

Kitchenham, B., & Charters, S. (2007). Guidelines for performing Systematic Literature Reviews in SE. Guidelines for Performing Systematic Literature Reviews in SE, 1–44. https://userpages.uni-koblenz.de/%7B~%7Dlaemmel/esecourse/slides/slr.pdf

Kritzinger, E., & Von Solms, S. H. (2010). Cyber security for home users: A new way of protection through awareness enforcement. Computers and Security, 29(8), 840–847. https://doi.org/10.1016/j.cose.2010.08.001

Krombholz, K., Hobel, H., Huber, M., & Weippl, E. (2015). Advanced social engineering attacks. Journal of Information Security and Applications; Elsevier Ltd. https://doi.org/10.1016/j.jisa.2014.09.005

Kruger, H. A., & Kearney, W. D. (2006). A prototype for assessing information security awareness. Computers and Security, 25(4), 289–296. https://doi.org/10.1016/j.cose.2006.02.008

Liu, X. (2013). Full-Text Citation Analysis : A New Method to Enhance. Journal of the American Society for Information Science and Technology, 64(July), 1852–1863. https://doi.org/10.1002/asi

Makridakis, A., Athanasopoulos, E., Antonatos, S., Antoniades, D., Ioannidis, S., & Markatos, E. P. (2010). Understanding the Behavior of Malicious Applications in Social Networks. October, 14–19.

Manterola, C., & Otzen, T. (2015). Bias in Clinical Research. International Journal of Morphology, 33(3), 1156–1164. https://doi.org/10.4067/S0717-95022015000300056

Mao, J. (2019). Phishing page detection via learning classifiers from page layout feature.

Mouton, F., Leenen, L., & Venter, H. S. (2016). Social Engineering Attack Examples , Templates and Scenarios. Computers & Security. https://doi.org/10.1016/j.cose.2016.03.004

Mózo, B. S. (2017). 済無No Title No Title. In Journal of Chemical Information and Modeling (Vol. 53, Issue 9). https://doi.org/10.1017/CBO9781107415324.004

Noyce, R. N., & Hoff, M. E. (1981). A History of Microprocessor Development at Intel. IEEE Micro, 1(1), 8–21. https://doi.org/10.1109/MM.1981.290812

Pluas, N., & Jazm, G. (2020). MAESTRÍA EN AUDITORÍA DE.

Salahdine, F. (2019). Social Engineering Attacks : A Survey as. https://doi.org/10.3390/fi11040089

Sancho-Hirare, C. (2017). Ciberseguridad. Presentación del dossier. URVIO, Revista Latinoamericana de Estudios de Seguridad, 20, 8–15. https://scielo.conicyt.cl/pdf/eure/v31n93/art04.pdf

Servicio Ecuatoriano de Normalización INEN. (2017). Tecnologías de la Información y Comunicación Contenido. Norma Técnica Ecuatoriana. Tecnologías de La Información - Técnicas de Seguridad - Código de Práctica Para Los Controles de Seguridad de La Información (ISO/IEC 27002:2013 + Cor1.: 2014 + Cor.2: 2015, IDT)(2). Quito, Pichincha, Ecuador: Servicio Ecuatoria.