Graduate School of Business


Doctor of Business Administration (DBA)


Gayle Jesse


Social Engineering, Vulnerability, Weak Human Link, IS Professional Beliefs, Security Culture


Business | Computer Sciences


The purpose of this transcendental phenomenological qualitative study was to investigate how IS professionals working in U.S. businesses make sense of their lives and experiences as they address and prevent vulnerabilities to social engineering attacks. This larger problem was explored through an in-depth study of social engineering and its effect on IS professionals working in U.S. businesses operating within healthcare, financial services, and educational industries across the central and northwest regions of Louisiana. Through its use of a phenomenological research design, the study bridged a gap in the social engineering literature, which was primarily comprised of studies that utilized a quantitative methodology. The use of a qualitative approach allowed participants to give voice to their beliefs, thoughts, and motivations about the work they do. The findings, consisting of ten themes and two subthemes, present the essence of experience of six IS professionals addressing and preventing social engineering vulnerabilities in their workplace. The findings revealed that the lived experience of protecting an organization from social engineering attacks involves the unification of people across the enterprise to develop a strong security-minded culture. Additionally, participants shared two primary beliefs, (1) that social engineering attacks would never be eradicated and (2) that IS professionals depend on everyone in the organization to protect the organization from social engineering attacks. The study offers recommendations to IS professionals, business leadership, HR professionals, educators, consultants, vendors, and researchers.