<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">managementranepa</journal-id><journal-title-group><journal-title xml:lang="ru">Управленческое консультирование</journal-title><trans-title-group xml:lang="en"><trans-title>Administrative Consulting</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1726-1139</issn><issn pub-type="epub">1816-8590</issn><publisher><publisher-name>Russian Presidential Academy of National Economy and Public Administration. North-West Institute of Management.</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.22394/1726-1139-2022-2-123-138</article-id><article-id custom-type="elpub" pub-id-type="custom">managementranepa-1893</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ОБЩЕСТВО И РЕФОРМЫ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>SOCIETY AND REFORMS</subject></subj-group></article-categories><title-group><article-title>Психологические аспекты информационной безопасности организации в контексте социоинженерных атак</article-title><trans-title-group xml:lang="en"><trans-title>Psychological Aspects of the Organization’s Information Security in the Context of Socio-engineering Attacks</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Тулупьева</surname><given-names>Т. В.</given-names></name><name name-style="western" xml:lang="en"><surname>Tulupieva</surname><given-names>T. V.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Тулупьева Татьяна Валентиновна, доцент факультета государственного и муниципального управления, кандидат психологических наук, доцент</p><p>Санкт-Петербург</p></bio><bio xml:lang="en"><p>Tatyana V. Tulupieva, Associate Professor of the Faculty of State and Municipal Management, PhD in Psychology, Associate Professor</p><p>Saint-Petersburg</p></bio><email xlink:type="simple">tulupeva-tv@ranepa.ru</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Российская академия народного хозяйства и государственной службы при Президенте Российской Федерации (Северо-Западный институт управления РАНХиГС)</institution></aff><aff xml:lang="en"><institution>Russian Presidential Academy of National Economy and Public Administration (North-West Institute of Management, Branch of RANEPA)</institution></aff></aff-alternatives><pub-date pub-type="collection"><year>2022</year></pub-date><pub-date pub-type="epub"><day>15</day><month>03</month><year>2022</year></pub-date><volume>0</volume><issue>2</issue><fpage>123</fpage><lpage>128</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Тулупьева Т.В., 2022</copyright-statement><copyright-year>2022</copyright-year><copyright-holder xml:lang="ru">Тулупьева Т.В.</copyright-holder><copyright-holder xml:lang="en">Tulupieva T.V.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://www.acjournal.ru/jour/article/view/1893">https://www.acjournal.ru/jour/article/view/1893</self-uri><abstract><p>Целью данной обзорной статьи является определение подходов к решению имеющихся проблем в учете психологических аспектов информационной безопасности организации в контексте социоинженерных атак на основе анализа и систематизации источников по данной теме.</p><sec><title>Методы</title><p>Методы. Для достижения поставленной цели выбраны два взаимодополняющих направления. Первое направление включало в себя изучение выбранных специализированных журналов. В рамках второго направления была проанализирована представленность данной проблемы в базе данных Scopus за последние 20 лет.</p></sec><sec><title>Результаты</title><p>Результаты. Проведен анализ психологических аспектов ключевых элементов социоинженерной атаки: знания и умения злоумышленника, организационные условия, особенности сотрудника, который является частью автоматизированных информационных систем и направления обучения и профилактики. Предложена модель социоинженерной атаки с учетом психологических аспектов.</p></sec><sec><title>Выводы</title><p>Выводы. Проведенное исследование показало, что разработанных сейчас подходов достаточно для того, чтобы они легли в основу пересмотра кадровых процессов в организации. Без подключения кадровых служб в части изменения кадровых процессов с учетом политик информационной безопасности проблема социоинженерных атак не может быть решена. Результаты данного исследования будут интересны специалистам в области управления персоналом, подготовки кадров, информационной безопасности, информационных технологий, искусственного интеллекта; руководителям, владельцам бизнеса, руководителям государственных и муниципальных органов.</p></sec></abstract><trans-abstract xml:lang="en"><p>The purpose of this review article is to determine approaches to solving existing problems in taking into account the psychological aspects of an organization’s information security in the context of socio-engineering attacks based on the analysis and systematization of sources on this topic.</p><sec><title>Methods</title><p>Methods. To achieve this goal, two complementary directions were chosen. The first direction included the investigation of selected specialized journals. The second direction involved the analysis of the representation of this problem in the Scopus database over the past 20 years.</p></sec><sec><title>Results</title><p>Results. The analysis of the psychological aspects of the key elements of a socio-engineering attack is carried out: the knowledge and skills of the attacker, organizational conditions, the characteristics of an employee who is part of information systems and the direction of training and prevention. A model of socio-engineering attack considering psychological aspects is proposed.</p></sec><sec><title>Conclusions</title><p>Conclusions. The study showed that the approaches developed now are sufficient to form the basis for the revision of personnel processes in the organization. The problem of social engineering attacks cannot be solved without the involvement of HR services in terms of changing HR processes, taking into account information security policies. The results of this study will be of interest to specialists in the field of personnel management, personnel training, information security, information technology, artificial intelligence, executives, business owners, heads of state and municipal bodies.</p></sec></trans-abstract><kwd-group xml:lang="ru"><kwd>социальная инженерия</kwd><kwd>атакующее воздействие</kwd><kwd>уязвимость пользователя</kwd><kwd>обучение</kwd></kwd-group><kwd-group xml:lang="en"><kwd>social engineering</kwd><kwd>attack impact</kwd><kwd>user vulnerability</kwd><kwd>training</kwd></kwd-group><funding-group><funding-statement xml:lang="ru">Исследование выполнено при финансовой поддержке Фонда развития научных исследований и прикладных разработок СЗИУ РАНХиГС.</funding-statement></funding-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">2021 Data Breach Investigations Report (DBIR) [Electronic resource]. URL: https://enterprise.verizon.com/business/resources/reports/2021-data-breach-investigations-report.pdfx/ (дата обращения: 20.12.2021).</mixed-citation><mixed-citation xml:lang="en">2021 Data Breach Investigations Report (DBIR) [Electronic resource]. URL: https://enterprise.verizon.com/business/resources/reports/2021-data-breach-investigations-report.pdfx/ (дата обращения: 20.12.2021).</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Abraham S., Chengalur-Smith I. “An overview of social engineering malware: TRENDS, tactics, and implications” // Technology in Society. 2010. Vol. 32. N 3. P. 183–196.</mixed-citation><mixed-citation xml:lang="en">Abraham S., Chengalur-Smith I. “An overview of social engineering malware: TRENDS, tactics, and implications” // Technology in Society. 2010. Vol. 32. N 3. P. 183–196.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Ahmad Z., Ong T.S., Liew T. H., Norhashim M. Security monitoring and information security assurance behaviour among employees: An empirical analysis // Information and Computer Security. 2019. Vol. 27. N 2. P. 165–188.</mixed-citation><mixed-citation xml:lang="en">Ahmad Z., Ong T.S., Liew T. H., Norhashim M. Security monitoring and information security assurance behaviour among employees: An empirical analysis // Information and Computer Security. 2019. Vol. 27. N 2. P. 165–188.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Algarni A., Xu Y., Chan T., Tian Y.-C. Social engineering in social networking sites: Affect-based model // Internet Technology and Secured Transactions (ICITST). 8th International Conference for. IEEE. 2013. P. 508–515.</mixed-citation><mixed-citation xml:lang="en">Algarni A., Xu Y., Chan T., Tian Y.-C. Social engineering in social networking sites: Affect-based model // Internet Technology and Secured Transactions (ICITST). 8th International Conference for. IEEE. 2013. P. 508–515.</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Alohali M., Clarke N., Li F., Furnell S. Identifying and predicting the factors affecting end-users’ risk-taking behavior // Information and Computer Security. 2018. Vol. 26. N 3. P. 306–326.</mixed-citation><mixed-citation xml:lang="en">Alohali M., Clarke N., Li F., Furnell S. Identifying and predicting the factors affecting end-users’ risk-taking behavior // Information and Computer Security. 2018. Vol. 26. N 3. P. 306–326.</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Alshare K. A., Lane P. L., Lane M.R. Information security policy compliance: a higher education case study // Information and Computer Security.2018. Vol. 26. N 1. P. 91–108.</mixed-citation><mixed-citation xml:lang="en">Alshare K. A., Lane P. L., Lane M.R. Information security policy compliance: a higher education case study // Information and Computer Security.2018. Vol. 26. N 1. P. 91–108.</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Alsharif M., Mishra S., AlShehri M. Impact of Human Vulnerabilities on Cybersecurity // Computer Systems Science and Engineering. 2022. Vol. 40 (3). P. 1153–1166.</mixed-citation><mixed-citation xml:lang="en">Alsharif M., Mishra S., AlShehri M. Impact of Human Vulnerabilities on Cybersecurity // Computer Systems Science and Engineering. 2022. Vol. 40 (3). P. 1153–1166.</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Ashenden D. In their own words: employee attitudes towards information security // Information and Computer Security. 2018. Vol. 26. N 3. P. 327–337.</mixed-citation><mixed-citation xml:lang="en">Ashenden D. In their own words: employee attitudes towards information security // Information and Computer Security. 2018. Vol. 26. N 3. P. 327–337.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Bezuidenhout M., Mouton F., Venter H. Social engineering attack detection model: Seadm // Information Security for South Africa (ISSA), 2010. IEEE. 2010. P. 1–8.</mixed-citation><mixed-citation xml:lang="en">Bezuidenhout M., Mouton F., Venter H. Social engineering attack detection model: Seadm // Information Security for South Africa (ISSA), 2010. IEEE. 2010. P. 1–8.</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Bullee J.-W., Junger M. How effective are social engineering interventions? A meta-analysis // Information and Computer Security.2020. Vol. 28. N 5. P. 801–830.</mixed-citation><mixed-citation xml:lang="en">Bullee J.-W., Junger M. How effective are social engineering interventions? A meta-analysis // Information and Computer Security.2020. Vol. 28. N 5. P. 801–830.</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Camp L. J., Grobler M., Jang-Jaccard J., Probst C. at al. Measuring human resilience in the face of the global epidemiology of cyber attacks // Proceedings of the 52nd Hawaii International Conference on System Sciences. 2019.</mixed-citation><mixed-citation xml:lang="en">Camp L. J., Grobler M., Jang-Jaccard J., Probst C. at al. Measuring human resilience in the face of the global epidemiology of cyber attacks // Proceedings of the 52nd Hawaii International Conference on System Sciences. 2019.</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Carlton M., Levy Y., Ramim M. Mitigating cyber attacks through the measurement of non-IT professionals’ cybersecurity skills // Information and Computer Security. 2019. Vol. 27. N 1. P. 101–121.</mixed-citation><mixed-citation xml:lang="en">Carlton M., Levy Y., Ramim M. Mitigating cyber attacks through the measurement of non-IT professionals’ cybersecurity skills // Information and Computer Security. 2019. Vol. 27. N 1. P. 101–121.</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Cialdini R. B. Influence: Science and practice (5th ed.). Boston : Allyn &amp; Bacon, 2009.</mixed-citation><mixed-citation xml:lang="en">Cialdini R. B. Influence: Science and practice (5th ed.). Boston : Allyn &amp; Bacon, 2009.</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Da Veiga A. An information privacy culture instrument to measure consumer privacy expectations and confidence // Information and Computer Security.2018. Vol. 26. N 3. P. 338–364.</mixed-citation><mixed-citation xml:lang="en">Da Veiga A. An information privacy culture instrument to measure consumer privacy expectations and confidence // Information and Computer Security.2018. Vol. 26. N 3. P. 338–364.</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Evans M. G., He Y., Yevseyeva I., Janicke H. Published incidents and their proportions of human error // Information and Computer Security.2019. Vol. 27. N 3. P. 343–357.</mixed-citation><mixed-citation xml:lang="en">Evans M. G., He Y., Yevseyeva I., Janicke H. Published incidents and their proportions of human error // Information and Computer Security.2019. Vol. 27. N 3. P. 343–357.</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Ghafir I., Prenosil V., Alhejailan A., Hammoudeh M. Social Engineering Attack Strategies and Defence Approaches // 2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud). 2016. P. 145–149.</mixed-citation><mixed-citation xml:lang="en">Ghafir I., Prenosil V., Alhejailan A., Hammoudeh M. Social Engineering Attack Strategies and Defence Approaches // 2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud). 2016. P. 145–149.</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">Glaspie H. W., Karwowski W. Human factors in information security culture: a literature review // Advances in Human Factors in Cybersecurity. 2018. Springer International Publishing. P. 269–280.</mixed-citation><mixed-citation xml:lang="en">Glaspie H. W., Karwowski W. Human factors in information security culture: a literature review // Advances in Human Factors in Cybersecurity. 2018. Springer International Publishing. P. 269–280.</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">Hatzivasilis G., Ioannidis S., Smyrlis M., Spanoudakis G. at al. Modern aspects of cyber-security training and continuous adaptation of programmes to trainees // Applied Sciences. 2020. Vol. 10, N 16. P. 5702.</mixed-citation><mixed-citation xml:lang="en">Hatzivasilis G., Ioannidis S., Smyrlis M., Spanoudakis G. at al. Modern aspects of cyber-security training and continuous adaptation of programmes to trainees // Applied Sciences. 2020. Vol. 10, N 16. P. 5702.</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">Heartfield R., Loukas G. Detecting semantic social engineering attacks with the weakest link: implementation and empirical evaluation of a human-as-a-security-sensor framework // Computers and Security. 2018. Vol. 76. P. 101–127.</mixed-citation><mixed-citation xml:lang="en">Heartfield R., Loukas G. Detecting semantic social engineering attacks with the weakest link: implementation and empirical evaluation of a human-as-a-security-sensor framework // Computers and Security. 2018. Vol. 76. P. 101–127.</mixed-citation></citation-alternatives></ref><ref id="cit20"><label>20</label><citation-alternatives><mixed-citation xml:lang="ru">Hong Y., Xu M. Autonomous Motivation and Information Security Policy Compliance: Role of Job Satisfaction, Responsibility, and Deterrence // Journal of Organizational and End User Computing (JOEUC). 2021. Vol. 33 (6). P. 1–17.</mixed-citation><mixed-citation xml:lang="en">Hong Y., Xu M. Autonomous Motivation and Information Security Policy Compliance: Role of Job Satisfaction, Responsibility, and Deterrence // Journal of Organizational and End User Computing (JOEUC). 2021. Vol. 33 (6). P. 1–17.</mixed-citation></citation-alternatives></ref><ref id="cit21"><label>21</label><citation-alternatives><mixed-citation xml:lang="ru">Hwang M. I., Helser S. Cybersecurity educational games: a theoretical framework // Information and Computer Securityю 2021. Vol. ahead-of-print N ahead-of-print. DOI: 10.1108/ICS-10- 2020-0173.</mixed-citation><mixed-citation xml:lang="en">Hwang M. I., Helser S. Cybersecurity educational games: a theoretical framework // Information and Computer Securityю 2021. Vol. ahead-of-print N ahead-of-print. DOI: 10.1108/ICS-10- 2020-0173.</mixed-citation></citation-alternatives></ref><ref id="cit22"><label>22</label><citation-alternatives><mixed-citation xml:lang="ru">Jones K.S., Armstrong M. E., Tornblad M.K., Siami Namin A. How social engineers use persuasion principles during vishing attacks // Information and Computer Security. 2021. Vol. 29. N 2. P. 314–331.</mixed-citation><mixed-citation xml:lang="en">Jones K.S., Armstrong M. E., Tornblad M.K., Siami Namin A. How social engineers use persuasion principles during vishing attacks // Information and Computer Security. 2021. Vol. 29. N 2. P. 314–331.</mixed-citation></citation-alternatives></ref><ref id="cit23"><label>23</label><citation-alternatives><mixed-citation xml:lang="ru">Kajtazi M., Cavusoglu H., Benbasat I., Haftor D. Escalation of commitment as an antecedent to noncompliance with information security policy // Information and Computer Security. 2018. Vol. 26. N 2. P. 171–193.</mixed-citation><mixed-citation xml:lang="en">Kajtazi M., Cavusoglu H., Benbasat I., Haftor D. Escalation of commitment as an antecedent to noncompliance with information security policy // Information and Computer Security. 2018. Vol. 26. N 2. P. 171–193.</mixed-citation></citation-alternatives></ref><ref id="cit24"><label>24</label><citation-alternatives><mixed-citation xml:lang="ru">Karlsson M., Denk T., Åström J. Perceptions of organizational culture and value conflicts in information security management // Information and Computer Security. 2018. Vol. 26. N 2. P. 213–229.</mixed-citation><mixed-citation xml:lang="en">Karlsson M., Denk T., Åström J. Perceptions of organizational culture and value conflicts in information security management // Information and Computer Security. 2018. Vol. 26. N 2. P. 213–229.</mixed-citation></citation-alternatives></ref><ref id="cit25"><label>25</label><citation-alternatives><mixed-citation xml:lang="ru">Kim H. L., Choi H.S., Han J. Leader power and employees’ information security policy compliance // Secur J. 2019. Vol. 32. P. 391–409.</mixed-citation><mixed-citation xml:lang="en">Kim H. L., Choi H.S., Han J. Leader power and employees’ information security policy compliance // Secur J. 2019. Vol. 32. P. 391–409.</mixed-citation></citation-alternatives></ref><ref id="cit26"><label>26</label><citation-alternatives><mixed-citation xml:lang="ru">Komura R., Yajima K. Security education using gamification theory // International Conference on Engineering, Applied Sciences, and Technology (ICEAST). 2018. P. 1–4.</mixed-citation><mixed-citation xml:lang="en">Komura R., Yajima K. Security education using gamification theory // International Conference on Engineering, Applied Sciences, and Technology (ICEAST). 2018. P. 1–4.</mixed-citation></citation-alternatives></ref><ref id="cit27"><label>27</label><citation-alternatives><mixed-citation xml:lang="ru">Mahdi R. Alagheband, Atefeh Mashatan, Morteza Zihayat. Time-based Gap Analysis of Cybersecurity Trends in Academic and Digital Media // ACM Trans. Manage. Inf. Syst. 2020. Vol. 11. N 4. Art. 20 (December 2020). 20 p. DOI: 10.1145/3389684.</mixed-citation><mixed-citation xml:lang="en">Mahdi R. Alagheband, Atefeh Mashatan, Morteza Zihayat. Time-based Gap Analysis of Cybersecurity Trends in Academic and Digital Media // ACM Trans. Manage. Inf. Syst. 2020. Vol. 11. N 4. Art. 20 (December 2020). 20 p. DOI: 10.1145/3389684.</mixed-citation></citation-alternatives></ref><ref id="cit28"><label>28</label><citation-alternatives><mixed-citation xml:lang="ru">Mann M. I. Hacking the human: social engineering techniques and security countermeasures. Gower Publishing, Ltd., 2012.</mixed-citation><mixed-citation xml:lang="en">Mann M. I. Hacking the human: social engineering techniques and security countermeasures. Gower Publishing, Ltd., 2012.</mixed-citation></citation-alternatives></ref><ref id="cit29"><label>29</label><citation-alternatives><mixed-citation xml:lang="ru">McCormac A., Calic D., Parsons K., Butavicius M. at al. The effect of resilience and job stress on information security awareness // Information and Computer Security.2018. Vol. 26. N 3. P. 277–289.</mixed-citation><mixed-citation xml:lang="en">McCormac A., Calic D., Parsons K., Butavicius M. at al. The effect of resilience and job stress on information security awareness // Information and Computer Security.2018. Vol. 26. N 3. P. 277–289.</mixed-citation></citation-alternatives></ref><ref id="cit30"><label>30</label><citation-alternatives><mixed-citation xml:lang="ru">Melzer A., Steffgen G. Trick with treat — reciprocity increases the willingness to communicate personal data // Computers in Human Behavior. 2016. Vol. 61. P. 372–377.</mixed-citation><mixed-citation xml:lang="en">Melzer A., Steffgen G. Trick with treat — reciprocity increases the willingness to communicate personal data // Computers in Human Behavior. 2016. Vol. 61. P. 372–377.</mixed-citation></citation-alternatives></ref><ref id="cit31"><label>31</label><citation-alternatives><mixed-citation xml:lang="ru">Messing Ph., Schram J., Golding B. Teen says he hacked CIA director’s AOL account [Electronic resource]. URL: https://nypost.com/2015/10/18/stoner-high-school-student-says-he-hackedthe-cia/ (дата обращения: 20.12.2021).</mixed-citation><mixed-citation xml:lang="en">Messing Ph., Schram J., Golding B. Teen says he hacked CIA director’s AOL account [Electronic resource]. URL: https://nypost.com/2015/10/18/stoner-high-school-student-says-he-hackedthe-cia/ (дата обращения: 20.12.2021).</mixed-citation></citation-alternatives></ref><ref id="cit32"><label>32</label><citation-alternatives><mixed-citation xml:lang="ru">Micallef N., Arachchilage N. A. G. Security questions education: exploring gamified features and functionalities // Information and Computer Securityю 2018. Vol. 26. N 3. P. 365–378.</mixed-citation><mixed-citation xml:lang="en">Micallef N., Arachchilage N. A. G. Security questions education: exploring gamified features and functionalities // Information and Computer Securityю 2018. Vol. 26. N 3. P. 365–378.</mixed-citation></citation-alternatives></ref><ref id="cit33"><label>33</label><citation-alternatives><mixed-citation xml:lang="ru">Mitnick K. D., Simon W. L. The art of deception: Controlling the human element of security. John Wiley &amp; Sons, 2011.</mixed-citation><mixed-citation xml:lang="en">Mitnick K. D., Simon W. L. The art of deception: Controlling the human element of security. John Wiley &amp; Sons, 2011.</mixed-citation></citation-alternatives></ref><ref id="cit34"><label>34</label><citation-alternatives><mixed-citation xml:lang="ru">Mouton F., Leenen L., Venter H. Social engineering attack examples, templates and scenarios // Comput. Secur. 2016, 59, 186–209.</mixed-citation><mixed-citation xml:lang="en">Mouton F., Leenen L., Venter H. Social engineering attack examples, templates and scenarios // Comput. Secur. 2016, 59, 186–209.</mixed-citation></citation-alternatives></ref><ref id="cit35"><label>35</label><citation-alternatives><mixed-citation xml:lang="ru">Nicho M. A process model for implementing information systems security governance // Information and Computer Securityю 2018. Vol. 26. N 1. P. 10–38.</mixed-citation><mixed-citation xml:lang="en">Nicho M. A process model for implementing information systems security governance // Information and Computer Securityю 2018. Vol. 26. N 1. P. 10–38.</mixed-citation></citation-alternatives></ref><ref id="cit36"><label>36</label><citation-alternatives><mixed-citation xml:lang="ru">Oliseenko V. D., Abramov M. V., Tulupyev A. L. Identification of user accounts by image comparison: The phash-based approach // Scientific and Technical Journal of Information Technologies, Mechanics and Optics. 2021. Vol. 21 (4). P. 562–570.</mixed-citation><mixed-citation xml:lang="en">Oliseenko V. D., Abramov M. V., Tulupyev A. L. Identification of user accounts by image comparison: The phash-based approach // Scientific and Technical Journal of Information Technologies, Mechanics and Optics. 2021. Vol. 21 (4). P. 562–570.</mixed-citation></citation-alternatives></ref><ref id="cit37"><label>37</label><citation-alternatives><mixed-citation xml:lang="ru">Onumo A., Ullah-Awan I., Cullen A. Assessing the Moderating Effect of Security Technologies on Employees Compliance with Cybersecurity Control Procedures // ACM Trans. Manage. Inf. Syst. June 2021. Vol. 12. N 2. Art. 11. 29 p. DOI: 10.1145/3424282</mixed-citation><mixed-citation xml:lang="en">Onumo A., Ullah-Awan I., Cullen A. Assessing the Moderating Effect of Security Technologies on Employees Compliance with Cybersecurity Control Procedures // ACM Trans. Manage. Inf. Syst. June 2021. Vol. 12. N 2. Art. 11. 29 p. DOI: 10.1145/3424282</mixed-citation></citation-alternatives></ref><ref id="cit38"><label>38</label><citation-alternatives><mixed-citation xml:lang="ru">Park Jiyong, Cho Daegon, Lee Jae Kyu, Lee Byungtae. The Economics of Cybercrime: The Role of Broadband and Socioeconomic Status // ACM Trans. Manage. Inf. Syst. December 2019. Vol. 10. N 4. Art. 13. 23 p. DOI: 10.1145/3351159</mixed-citation><mixed-citation xml:lang="en">Park Jiyong, Cho Daegon, Lee Jae Kyu, Lee Byungtae. The Economics of Cybercrime: The Role of Broadband and Socioeconomic Status // ACM Trans. Manage. Inf. Syst. December 2019. Vol. 10. N 4. Art. 13. 23 p. DOI: 10.1145/3351159</mixed-citation></citation-alternatives></ref><ref id="cit39"><label>39</label><citation-alternatives><mixed-citation xml:lang="ru">Parsons K., Calic D., Pattinson M., Butavicius M. at al. The human aspects of information security questionnaire (hais-q): two further validation studies // Computers and Security. 2017. Vol. 66. P. 40–51.</mixed-citation><mixed-citation xml:lang="en">Parsons K., Calic D., Pattinson M., Butavicius M. at al. The human aspects of information security questionnaire (hais-q): two further validation studies // Computers and Security. 2017. Vol. 66. P. 40–51.</mixed-citation></citation-alternatives></ref><ref id="cit40"><label>40</label><citation-alternatives><mixed-citation xml:lang="ru">Public Administration Data Breaches [Electronic resource]. URL: https://www.verizon.com/business/resources/reports/dbir/2021/data-breach-statistics-by-industry/public-administrationdata-breaches/ (дата обращения: 20.12.2021).</mixed-citation><mixed-citation xml:lang="en">Public Administration Data Breaches [Electronic resource]. URL: https://www.verizon.com/business/resources/reports/dbir/2021/data-breach-statistics-by-industry/public-administrationdata-breaches/ (дата обращения: 20.12.2021).</mixed-citation></citation-alternatives></ref><ref id="cit41"><label>41</label><citation-alternatives><mixed-citation xml:lang="ru">Qin Chuan, Zhu Hengshu, Xu Tong, Zhu Chen at al. An Enhanced Neural Network Approach to Person-Job Fit in Talent Recruitment // ACM Trans. Inf. Syst. March 2020. Vol. 38. N 2. Art. 15. 33 p. DOI: 10.1145/3376927.</mixed-citation><mixed-citation xml:lang="en">Qin Chuan, Zhu Hengshu, Xu Tong, Zhu Chen at al. An Enhanced Neural Network Approach to Person-Job Fit in Talent Recruitment // ACM Trans. Inf. Syst. March 2020. Vol. 38. N 2. Art. 15. 33 p. DOI: 10.1145/3376927.</mixed-citation></citation-alternatives></ref><ref id="cit42"><label>42</label><citation-alternatives><mixed-citation xml:lang="ru">Roy Arindam, Sural Shamik, Majumdar Arun Kumar, Vaidya Jaideep at al. Optimal Employee Recruitment in Organizations under Attribute-Based Access Control // ACM Trans. Manage. Inf. Syst. March 2021. Vol. 12. N 1. Art. 6. 24 p. DOI: 10.1145/3403950</mixed-citation><mixed-citation xml:lang="en">Roy Arindam, Sural Shamik, Majumdar Arun Kumar, Vaidya Jaideep at al. Optimal Employee Recruitment in Organizations under Attribute-Based Access Control // ACM Trans. Manage. Inf. Syst. March 2021. Vol. 12. N 1. Art. 6. 24 p. DOI: 10.1145/3403950</mixed-citation></citation-alternatives></ref><ref id="cit43"><label>43</label><citation-alternatives><mixed-citation xml:lang="ru">Salahdine F., Kaabouch N. Social Engineering Attacks: A Survey // Future Internet. 2019. Vol. 11. N 89. DOI: 10.3390/fi11040089. 4</mixed-citation><mixed-citation xml:lang="en">Salahdine F., Kaabouch N. Social Engineering Attacks: A Survey // Future Internet. 2019. Vol. 11. N 89. DOI: 10.3390/fi11040089. 4</mixed-citation></citation-alternatives></ref><ref id="cit44"><label>44</label><citation-alternatives><mixed-citation xml:lang="ru">Samtani S., Kantarcioglu M., Chen Hsinchun. Trailblazing the Artificial Intelligence for Cybersecurity Discipline: A Multi-Disciplinary Research Roadmap // ACM Trans. Manage. Inf. Syst. December 2020. Vol. 11. N 4. Art. 17. 19 p. DOI: 10.1145/3430360</mixed-citation><mixed-citation xml:lang="en">Samtani S., Kantarcioglu M., Chen Hsinchun. Trailblazing the Artificial Intelligence for Cybersecurity Discipline: A Multi-Disciplinary Research Roadmap // ACM Trans. Manage. Inf. Syst. December 2020. Vol. 11. N 4. Art. 17. 19 p. DOI: 10.1145/3430360</mixed-citation></citation-alternatives></ref><ref id="cit45"><label>45</label><citation-alternatives><mixed-citation xml:lang="ru">Silic M., Lowry P.B. Using Design-Science Based Gamification to Improve Organizational Security Training and Compliance // Journal of Management Information Systems. 2020. Vol. 37. N 1. P. 129–161.</mixed-citation><mixed-citation xml:lang="en">Silic M., Lowry P.B. Using Design-Science Based Gamification to Improve Organizational Security Training and Compliance // Journal of Management Information Systems. 2020. Vol. 37. N 1. P. 129–161.</mixed-citation></citation-alternatives></ref><ref id="cit46"><label>46</label><citation-alternatives><mixed-citation xml:lang="ru">Snyman D. P., Kruger H., Kearney W. D. I shall, we shall, and all others will: paradoxical information security behavior // Information and Computer Security. 2018. Vol. 26. N 3. P. 290–305.</mixed-citation><mixed-citation xml:lang="en">Snyman D. P., Kruger H., Kearney W. D. I shall, we shall, and all others will: paradoxical information security behavior // Information and Computer Security. 2018. Vol. 26. N 3. P. 290–305.</mixed-citation></citation-alternatives></ref><ref id="cit47"><label>47</label><citation-alternatives><mixed-citation xml:lang="ru">Stoliarova V. F., Tulupyev A. L. Regression Model for the Problem of Parameter Estimation in the Gamma Poisson Model of Behavior: An Application to the Online Social Media Posting Data // Proceedings of 2021 24th International Conference on Soft Computing and Measurements. 2021. N 9507187. P. 24–27.</mixed-citation><mixed-citation xml:lang="en">Stoliarova V. F., Tulupyev A. L. Regression Model for the Problem of Parameter Estimation in the Gamma Poisson Model of Behavior: An Application to the Online Social Media Posting Data // Proceedings of 2021 24th International Conference on Soft Computing and Measurements. 2021. N 9507187. P. 24–27.</mixed-citation></citation-alternatives></ref><ref id="cit48"><label>48</label><citation-alternatives><mixed-citation xml:lang="ru">Tambe Ebot A. Using stage theorizing to make anti-phishing recommendations more effective // Information and Computer Security. 2018. Vol. 26. N 4. P. 401–419.</mixed-citation><mixed-citation xml:lang="en">Tambe Ebot A. Using stage theorizing to make anti-phishing recommendations more effective // Information and Computer Security. 2018. Vol. 26. N 4. P. 401–419.</mixed-citation></citation-alternatives></ref><ref id="cit49"><label>49</label><citation-alternatives><mixed-citation xml:lang="ru">Tu C. Z., Yuan Y., Archer N., Connelly C. E. Strategic value alignment for information security management: a critical success factor analysis // Information and Computer Security. 2018. Vol. 26. N 2. P. 150–170.</mixed-citation><mixed-citation xml:lang="en">Tu C. Z., Yuan Y., Archer N., Connelly C. E. Strategic value alignment for information security management: a critical success factor analysis // Information and Computer Security. 2018. Vol. 26. N 2. P. 150–170.</mixed-citation></citation-alternatives></ref><ref id="cit50"><label>50</label><citation-alternatives><mixed-citation xml:lang="ru">Tulupieva T. V., Abramov M. V., Tulupiev A. L. Model of Social Influence in Analysis of Socioengineering Attacks // Administrative Consulting. 2021. Vol. 8. P. 97–107. (In Russ.)</mixed-citation><mixed-citation xml:lang="en">Tulupieva T. V., Abramov M. V., Tulupiev A. L. Model of Social Influence in Analysis of Socioengineering Attacks // Administrative Consulting. 2021. Vol. 8. P. 97–107. (In Russ.)</mixed-citation></citation-alternatives></ref><ref id="cit51"><label>51</label><citation-alternatives><mixed-citation xml:lang="ru">von Solms B., von Solms R. Cybersecurity and information security — what goes where? // Information and Computer Security. 2018. Vol. 26. N 1. P. 2–9.</mixed-citation><mixed-citation xml:lang="en">von Solms B., von Solms R. Cybersecurity and information security — what goes where? // Information and Computer Security. 2018. Vol. 26. N 1. P. 2–9.</mixed-citation></citation-alternatives></ref><ref id="cit52"><label>52</label><citation-alternatives><mixed-citation xml:lang="ru">Wang Z., Zhu H., Sun L. Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities and Attack Methods // IEEE Access. 2021. Vol. 9. P. 11895–11910.</mixed-citation><mixed-citation xml:lang="en">Wang Z., Zhu H., Sun L. Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities and Attack Methods // IEEE Access. 2021. Vol. 9. P. 11895–11910.</mixed-citation></citation-alternatives></ref><ref id="cit53"><label>53</label><citation-alternatives><mixed-citation xml:lang="ru">Wang Z., Zhu H., Liu P. et al. Social engineering in cybersecurity: a domain ontology and knowledge graph application examples // Cybersecur. 2021. Vol. 4. N 31.</mixed-citation><mixed-citation xml:lang="en">Wang Z., Zhu H., Liu P. et al. Social engineering in cybersecurity: a domain ontology and knowledge graph application examples // Cybersecur. 2021. Vol. 4. N 31.</mixed-citation></citation-alternatives></ref><ref id="cit54"><label>54</label><citation-alternatives><mixed-citation xml:lang="ru">Wiafe I., Koranteng F. N., Wiafe A., Obeng E. N. at al. The role of norms in information security policy compliance // Information and Computer Security. 2020. Vol. 28. N 5. P. 743–761.</mixed-citation><mixed-citation xml:lang="en">Wiafe I., Koranteng F. N., Wiafe A., Obeng E. N. at al. The role of norms in information security policy compliance // Information and Computer Security. 2020. Vol. 28. N 5. P. 743–761.</mixed-citation></citation-alternatives></ref><ref id="cit55"><label>55</label><citation-alternatives><mixed-citation xml:lang="ru">Winkler I.S., Dealy B. Information security technology? Don’t rely on it a case study in social engineering // 5th USENIX Security Symposium. 1995.</mixed-citation><mixed-citation xml:lang="en">Winkler I.S., Dealy B. Information security technology? Don’t rely on it a case study in social engineering // 5th USENIX Security Symposium. 1995.</mixed-citation></citation-alternatives></ref><ref id="cit56"><label>56</label><citation-alternatives><mixed-citation xml:lang="ru">Winkler Ira S. Non-technical threat to computing systems // Computing systems. 1996. Vol. 9. N 1. P. 3–14.</mixed-citation><mixed-citation xml:lang="en">Winkler Ira S. Non-technical threat to computing systems // Computing systems. 1996. Vol. 9. N 1. P. 3–14.</mixed-citation></citation-alternatives></ref><ref id="cit57"><label>57</label><citation-alternatives><mixed-citation xml:lang="ru">Ye Z., Guo Y., Ju A., Wei F. at al. A Risk Analysis Framework for Social Engineering Attack Based on User Profiling // Journal of Organizational and End User Computing (JOEUC). 2020. Vol. 32. N 3. P. 37–49.</mixed-citation><mixed-citation xml:lang="en">Ye Z., Guo Y., Ju A., Wei F. at al. A Risk Analysis Framework for Social Engineering Attack Based on User Profiling // Journal of Organizational and End User Computing (JOEUC). 2020. Vol. 32. N 3. P. 37–49.</mixed-citation></citation-alternatives></ref><ref id="cit58"><label>58</label><citation-alternatives><mixed-citation xml:lang="ru">Zhu Chen, Zhu Hengshu, Xiong Hui, Ma Chao at al. Person-Job Fit: Adapting the Right Talent for the Right Job with Joint Representation Learning // ACM Trans. Manage. Inf. Syst. November 2018. Vol. 9. N 3. Art. 12. 17 p. DOI: 10.1145/3234465</mixed-citation><mixed-citation xml:lang="en">Zhu Chen, Zhu Hengshu, Xiong Hui, Ma Chao at al. Person-Job Fit: Adapting the Right Talent for the Right Job with Joint Representation Learning // ACM Trans. Manage. Inf. Syst. November 2018. Vol. 9. N 3. Art. 12. 17 p. DOI: 10.1145/3234465</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
