الملخص الإنجليزي
Information security breaches threaten Confidentiality, Integrity and Availability
(CIA) of the organization. One of the leading threats in information security is social
engineering attack (SEA). SEA is defined as "the act of manipulating and deceiving
human beings, mostly with the use of psychological persuasion, to obtain access to
confidential information". SEA is one of the common attacks that use human
weakness in the organizations' information security chain. Therefore, it is important
to consider the "human" element to ensure organizations' security. This research aims
to investigate individual and organizational factors that motivate the intention of the
employees toward social engineering resistance. The research model developed
based on the most important behavioral theory and the primary theory in this study
domain which is theory of planned behavior (TPB). Beside that, protection
motivation theory (PMT), transformational leadership (TL), and organizational
culture (OC) along with external constructs are used in the model development. The
study followed a quantitative approach which distributed to 410 employees among
various organizations in Oman. IBM SPSS and SEM techniques used for analyzing
the collected data. The results shows that attitude to resist SEA, information security
policy, information security culture, information security awareness, normative
beliefs, self-efficacy, and threat severity have a strong direct association with
intention to resist SEA. Which in turn represent 65.1% of total variance. However,
trust, threat vulnerability, security education, training and awareness (SETA)
program, and leadership did not show any significant relation toward intention
against SEA prevention. The study provides insights to organizations to understand
their employees' intention to resist SEA thus, improve their behavior by providing
more training to avoid any breaches or further impact from such threat. The findings
also indicate that management should focus more in individual factors to protect the
corporate from risks.
