{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,26]],"date-time":"2025-12-26T05:40:47Z","timestamp":1766727647686,"version":"3.48.0"},"reference-count":54,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/access.2025.3646457","type":"journal-article","created":{"date-parts":[[2025,12,19]],"date-time":"2025-12-19T18:59:47Z","timestamp":1766170787000},"page":"214639-214654","source":"Crossref","is-referenced-by-count":0,"title":["Deriving Quantitative Metrics to Assess Social Engineering Attack Risks: An Expert Survey"],"prefix":"10.1109","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8473-1844","authenticated-orcid":false,"given":"Daniel","family":"Rosenberger","sequence":"first","affiliation":[{"name":"Institute for Intelligent Cyber-Physical Systems, Heilbronn University of Applied Sciences, Heilbronn, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-6784-2807","authenticated-orcid":false,"given":"Patrick","family":"Wohlgemuth","sequence":"additional","affiliation":[{"name":"Institute for Intelligent Cyber-Physical Systems, Heilbronn University of Applied Sciences, Heilbronn, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2067-6860","authenticated-orcid":false,"given":"Alexander","family":"Jesser","sequence":"additional","affiliation":[{"name":"Institute for Intelligent Cyber-Physical Systems, Heilbronn University of Applied Sciences, Heilbronn, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.21125\/inted.2017.1008"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-36537-0_7"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-021-00094-6"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-17016-9_14"},{"key":"ref5","article-title":"Enterprise cyber resiliency against lateral movement: A graph theoretic approach","author":"Chen","year":"2019","journal-title":"arXiv:1905.01002"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/PDP.2011.62"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.4018\/JOEUC.2020070104"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1111\/risa.12891"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.3390\/info10080251"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1016\/j.jprocont.2023.103131"},{"issue":"10","key":"ref11","first-page":"305","article-title":"A socio-technical approach to cyber-risk assessment","volume":"14","author":"Kioskli","year":"2020","journal-title":"Int. J. Electr. Comput. Eng."},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.4236\/jis.2022.134020"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/2808797.2808899"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.18421\/TEM111-42"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2992807"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2014.09.005"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/ICEIEC49280.2020.9152340"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103387"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3708821.3733905"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103558"},{"key":"ref21","first-page":"257","article-title":"Detecting lateral movement in enterprise computer networks with unsupervised graph AI","volume-title":"Proc. 23rd Int. Symp. Res. Attacks","author":"Bowman"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3069105"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/2994475.2994476"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/3617072.3617116"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1007\/s42979-020-00443-1"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2024.04.105"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-36584-8_5"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-95597-1_2"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1093\/oso\/9780195064650.001.0001"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1002\/0470033312"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1108\/QMR-06-2016-0053"},{"article-title":"Awareness-raising and prevention methods of social engineering for businesses and individuals","year":"2022","author":"Harth","key":"ref32"},{"article-title":"Ranking social engineering attack vectors in the healthcare and public health sector","year":"2023","author":"Sachdev","key":"ref33"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/SP61157.2025.00076"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1088\/1757-899X\/1088\/1\/012015"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.2017.1334499"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/sp46214.2022.9833766"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/3407023.3409178"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1016\/S1361-3723(20)30098-1"},{"volume-title":"IBM X-Force 2025 Threat Intelligence Index","year":"2025","author":"Corp","key":"ref40"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.3390\/app15063396"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-97652-1_20"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2025.104317"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103364"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103695"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3048839"},{"volume-title":"Data Breach Investigations Report 2023","year":"2023","key":"ref47"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-81570-6_20"},{"key":"ref49","first-page":"1273","article-title":"Detecting and characterizing lateral phishing at scale","volume-title":"Proc. 28th USENIX Secur. Symp. (USENIX Secur. 19)","author":"Ho"},{"volume-title":"The Rise of Lateral Phishing in Larger Companies","year":"2024","key":"ref50"},{"volume-title":"Barracuda Threat Spotlight: How Company Size Affects the Email Threats Targeting Your Business","year":"2024","author":"Klevchuk","key":"ref51"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2885512"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1155\/2019\/2031063"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.5220\/0010817400003120"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/10820123\/11305066.pdf?arnumber=11305066","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,26]],"date-time":"2025-12-26T05:36:17Z","timestamp":1766727377000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11305066\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":54,"URL":"https:\/\/doi.org\/10.1109\/access.2025.3646457","relation":{},"ISSN":["2169-3536"],"issn-type":[{"type":"electronic","value":"2169-3536"}],"subject":[],"published":{"date-parts":[[2025]]}}}