Recently, the role of human behavior has become a focal point in the study of information security countermeasures. However, few empirical studies have been conducted to test social engineering theory and the reasons why people may or may not fall victim, and even fewer have tested recommended treatments. Building on theory using threat control factors, the purpose of this paper is to compare the efficacy of recommended treatment protocols.A confirmatory factor analysis of a threat control model was conducted, followed by a randomized assessment of treatment effects using the model. The data were gathered using a questionnaire containing antecedent factors, and samples of social engineering security behaviors were observed.It was found that threat assessment, commitment, trust, and obedience to authority were strong indicators of social engineering threat success, and that treatment efficacy depends on which factors are most prominent.
