From the article: This paper describes the external IT security analysis of an international corporate organization, containing a technical and a social perspective, resulting in a proposed repeatable approach and lessons learned for applying this approach. Part of the security analysis was the utilization of a social engineering experiment, as this could be used to discover employee related risks. This approach was based on multiple signals that indicated a low IT security awareness level among employees as well as the results of a preliminary technical analysis. To carry out the social engineering experiment, two techniques were used. The first technique was to send phishing emails to both the system administrators and other employees of the company. The second technique comprised the infiltration of the office itself to test the physical security, after which two probes were left behind. The social engineering experiment proved that general IT security awareness among employees was very low. The results allowed the research team to infiltrate the network and have the possibility to disable or hamper crucial processes. Social engineering experiments can play an important role in conducting security analyses, by showing security vulnerabilities and raising awareness within a company. Therefore, further research should focus on the standardization of social engineering experiments to be used in security analyses and further development of the approach itself. This paper provides a detailed description of the used methods and the reasoning behind them as a stepping stone for future research on this subject. van Liempd, D., Sjouw, A., Smakman, M., & Smit, K. (2019). Social Engineering As An Approach For Probing Organizations To Improve It Security: A Case Study At A Large International Firm In The Transport Industry. 119-126. https://doi.org/10.33965/es2019_201904l015
MULTIFILE
Social media firestorms pose a significant challenge for firms in the digital age. Tackling firestorms is difficult because the judgments and responses from social media users are influenced by not only the nature of the transgressions but also by the reactions and opinions of other social media users. Drawing on the heuristic-systematic information processing model, we propose a research model to explain the effects of social impact (the heuristic mode) and argument quality and moral intensity (the systematic mode) on perceptions of firm wrongness (the judgment outcome) as well as the effects of perceptions of firm wrongness on vindictive complaining and patronage reduction. We adopted a mixed methods approach in our investigation, including a survey, an experiment, and a focus group study. Our findings show that the heuristic and systematic modes of information processing exert both direct and interaction effects on individuals’ judgment. Specifically, the heuristic mode of information processing dominates overall and also biases the systematic mode. Our study advances the literature by offering an alternative explanation for the emergence of social media firestorms and identifying a novel context in which the heuristic mode dominates in dual information processing. It also sheds light on the formulation of response strategies to mitigate the adverse impacts resulting from social media firestorms. We conclude our paper with limitations and future research directions.
Financial constraints and risk taking are two well-established determinants of firm performance, however, no research analyzes how these variables are connected in the context of a high risk environment. Using data from microfinance clients in Tanzania, we derive a novel financial constraints measure and incorporate a psychometric risk taking scale. Results confirm the importance of access to finance and risk attitudes for business development. Also, we provide preliminary evidence for an interaction between financial constraints and risk taking. Financial constraints “throw sand in the wheels” and protect risk taking entrepreneurs from the negative impact of risk taking on microenterprise performance.
