{"id":"https://openalex.org/W4417508514","doi":"https://doi.org/10.1109/access.2025.3646457","title":"Deriving Quantitative Metrics to Assess Social Engineering Attack Risks: An Expert Survey","display_name":"Deriving Quantitative Metrics to Assess Social Engineering Attack Risks: An Expert Survey","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4417508514","doi":"https://doi.org/10.1109/access.2025.3646457"},"language":null,"primary_location":{"id":"doi:10.1109/access.2025.3646457","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3646457","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2025.3646457","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103308273","display_name":"Daniel Rosenberger","orcid":"https://orcid.org/0000-0001-8473-1844"},"institutions":[{"id":"https://openalex.org/I41121874","display_name":"Heilbronn University","ror":"https://ror.org/04g5gcg95","country_code":"DE","type":"education","lineage":["https://openalex.org/I41121874"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Daniel Rosenberger","raw_affiliation_strings":["Institute for Intelligent Cyber-Physical Systems, Heilbronn University of Applied Sciences, Heilbronn, Germany"],"raw_orcid":"https://orcid.org/0000-0001-8473-1844","affiliations":[{"raw_affiliation_string":"Institute for Intelligent Cyber-Physical Systems, Heilbronn University of Applied Sciences, Heilbronn, Germany","institution_ids":["https://openalex.org/I41121874"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5120860752","display_name":"Patrick Wohlgemuth","orcid":"https://orcid.org/0009-0008-6784-2807"},"institutions":[{"id":"https://openalex.org/I41121874","display_name":"Heilbronn University","ror":"https://ror.org/04g5gcg95","country_code":"DE","type":"education","lineage":["https://openalex.org/I41121874"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Patrick Wohlgemuth","raw_affiliation_strings":["Institute for Intelligent Cyber-Physical Systems, Heilbronn University of Applied Sciences, Heilbronn, Germany"],"raw_orcid":"https://orcid.org/0009-0008-6784-2807","affiliations":[{"raw_affiliation_string":"Institute for Intelligent Cyber-Physical Systems, Heilbronn University of Applied Sciences, Heilbronn, Germany","institution_ids":["https://openalex.org/I41121874"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5075009378","display_name":"Alexander Jesser","orcid":"https://orcid.org/0000-0003-2067-6860"},"institutions":[{"id":"https://openalex.org/I41121874","display_name":"Heilbronn University","ror":"https://ror.org/04g5gcg95","country_code":"DE","type":"education","lineage":["https://openalex.org/I41121874"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Alexander Jesser","raw_affiliation_strings":["Institute for Intelligent Cyber-Physical Systems, Heilbronn University of Applied Sciences, Heilbronn, Germany"],"raw_orcid":"https://orcid.org/0000-0003-2067-6860","affiliations":[{"raw_affiliation_string":"Institute for Intelligent Cyber-Physical Systems, Heilbronn University of Applied Sciences, Heilbronn, Germany","institution_ids":["https://openalex.org/I41121874"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.49102776,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"13","issue":null,"first_page":"214639","last_page":"214654"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9570000171661377,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9570000171661377,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.002300000051036477,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.002300000051036477,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/social-engineering","display_name":"Social engineering (security)","score":0.6700000166893005},{"id":"https://openalex.org/keywords/security-engineering","display_name":"Security engineering","score":0.4602000117301941},{"id":"https://openalex.org/keywords/order","display_name":"Order (exchange)","score":0.4569000005722046},{"id":"https://openalex.org/keywords/face","display_name":"Face (sociological concept)","score":0.34290000796318054},{"id":"https://openalex.org/keywords/quantitative-analysis","display_name":"Quantitative analysis (chemistry)","score":0.27459999918937683}],"concepts":[{"id":"https://openalex.org/C70118762","wikidata":"https://www.wikidata.org/wiki/Q376934","display_name":"Social engineering (security)","level":2,"score":0.6700000166893005},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6552000045776367},{"id":"https://openalex.org/C13159133","wikidata":"https://www.wikidata.org/wiki/Q365674","display_name":"Security engineering","level":5,"score":0.4602000117301941},{"id":"https://openalex.org/C182306322","wikidata":"https://www.wikidata.org/wiki/Q1779371","display_name":"Order (exchange)","level":2,"score":0.4569000005722046},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.36570000648498535},{"id":"https://openalex.org/C2779304628","wikidata":"https://www.wikidata.org/wiki/Q3503480","display_name":"Face (sociological concept)","level":2,"score":0.34290000796318054},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.34119999408721924},{"id":"https://openalex.org/C95986675","wikidata":"https://www.wikidata.org/wiki/Q185168","display_name":"Quantitative analysis (chemistry)","level":2,"score":0.27459999918937683},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.27399998903274536},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.2720000147819519},{"id":"https://openalex.org/C2983815764","wikidata":"https://www.wikidata.org/wiki/Q7551167","display_name":"Social impact","level":3,"score":0.26829999685287476},{"id":"https://openalex.org/C2777111884","wikidata":"https://www.wikidata.org/wiki/Q12002092","display_name":"Social security","level":2,"score":0.26080000400543213},{"id":"https://openalex.org/C539667460","wikidata":"https://www.wikidata.org/wiki/Q2414942","display_name":"Management science","level":1,"score":0.25780001282691956}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/access.2025.3646457","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3646457","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1109/access.2025.3646457","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3646457","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":44,"referenced_works":["https://openalex.org/W180604521","https://openalex.org/W2065637266","https://openalex.org/W2109567464","https://openalex.org/W2144888077","https://openalex.org/W2153245338","https://openalex.org/W2266861918","https://openalex.org/W2523074512","https://openalex.org/W2535638258","https://openalex.org/W2595822748","https://openalex.org/W2745971308","https://openalex.org/W2751179444","https://openalex.org/W2914884710","https://openalex.org/W2963562762","https://openalex.org/W2964682570","https://openalex.org/W2991110852","https://openalex.org/W2996949461","https://openalex.org/W3022956672","https://openalex.org/W3031675477","https://openalex.org/W3046612407","https://openalex.org/W3081230183","https://openalex.org/W3088268064","https://openalex.org/W3120354059","https://openalex.org/W3129186283","https://openalex.org/W3135397516","https://openalex.org/W3149785004","https://openalex.org/W3167268333","https://openalex.org/W4212883898","https://openalex.org/W4214644401","https://openalex.org/W4285275027","https://openalex.org/W4288057710","https://openalex.org/W4312563357","https://openalex.org/W4381952831","https://openalex.org/W4383671701","https://openalex.org/W4387628510","https://openalex.org/W4387860877","https://openalex.org/W4388156124","https://openalex.org/W4388921214","https://openalex.org/W4390457517","https://openalex.org/W4399199187","https://openalex.org/W4406088251","https://openalex.org/W4407363349","https://openalex.org/W4408656758","https://openalex.org/W4411337905","https://openalex.org/W4413177878"],"related_works":[],"abstract_inverted_index":{"Social":[0,65],"engineering":[1,49,66,117,132,161,215,226],"attacks":[2,50,67,118,133,216],"are":[3,12,181,202],"one":[4],"of":[5,62,115,190],"the":[6,29,60,113,150,166,198,206],"biggest":[7,30],"security":[8,42],"threats":[9],"IT":[10,19],"organizations":[11,21,237],"facing":[13],"today.":[14],"To":[15,125],"protect":[16],"themselves":[17],"against":[18],"risks,":[20],"typically":[22],"use":[23],"quantitative":[24,92],"assessment":[25,43],"frameworks":[26,44,79,229],"to":[27,73,90,102,146,159,170,212,238],"identify":[28,239],"risks":[31],"they":[32],"face":[33],"and":[34,75,157,165,183,193,233,240],"provide":[35],"insights":[36,195],"for":[37,130],"mitigation":[38],"strategies.":[39],"However,":[40],"current":[41],"do":[45],"not":[46],"include":[47,76],"social":[48,116,131,160,214,225],"in":[51,77,98,163,168],"their":[52,176,242],"evaluations,":[53],"which":[54,141],"has":[55],"a":[56,153,188],"negative":[57],"impact":[58],"on":[59,175,204],"validity":[61],"such":[63],"frameworks.":[64,124,151,222],"have":[68],"been":[69],"found":[70],"very":[71,83],"hard":[72],"assess":[74],"evaluation":[78,123,221,228],"as":[80],"there":[81],"is":[82],"few":[84],"data":[85],"available":[86],"that":[87,111],"would":[88],"allow":[89,142],"derive":[91,171],"metrics.":[93],"The":[94,179],"expert":[95],"survey":[96,154,207],"conducted":[97],"this":[99,104],"study":[100],"aims":[101],"address":[103],"challenge":[105],"by":[106,187],"deriving":[107],"generally":[108],"applicable":[109],"metrics":[110,173],"enable":[112],"integration":[114],"into":[119,149,217],"several":[120,218],"commonly":[121,219],"used":[122,211,220],"achieve":[126],"this,":[127],"grouping":[128],"criteria":[129],"were":[134],"defined":[135],"along":[136],"with":[137],"relevant":[138],"quantification":[139],"metrics,":[140],"these":[143],"attack":[144],"groups":[145],"be":[147,210],"incorporated":[148],"Then,":[152],"was":[155],"designed":[156],"sent":[158],"experts":[162],"Germany":[164],"Netherlands":[167],"order":[169],"representative":[172],"based":[174],"everyday":[177],"experiences.":[178],"results":[180,208],"presented":[182],"thoroughly":[184],"validated,":[185],"followed":[186],"discussion":[189],"overarching":[191],"patterns":[192],"general":[194],"derived":[196],"from":[197],"findings.":[199],"Finally,":[200],"suggestions":[201],"provided":[203],"how":[205],"can":[209],"incorporate":[213],"By":[223],"incorporating":[224],"attacks,":[227],"yield":[230],"more":[231],"realistic":[232],"comprehensive":[234],"results,":[235],"enabling":[236],"mitigate":[241],"most":[243],"significant":[244],"cyber":[245],"risks.":[246]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-12-19T00:00:00"}