Open source personal information (OSPI) provides cybercriminals and cyberterrorists the means to construct and successfully execute cyber attacks on the U.S. information technology that supports critical infrastructure. To better understand exposure to cybercrime due to OSPI, this study used the Delphi technique to identify, assess, and validate exposure components as well as categories of information and their contributing impact (i.e. weight) towards social engineering attacks, in an effort to construct the Social Engineering eXposure Index (SEXI). A panel of cybersecurity experts was provided with the initial 105 components of personal information extracted from the literature that may contribute to increase potential of individuals to be exposed to social engineering. Moreover, the experts were tasked with validating the list and their related exposure categories as well as validate the hierarchical aggregation to develop the SEXI benchmarking instrument. Validation of the instrument was conducted on a random selection of 50 executives of Fortune 500 organizations and a group of people where exposure of personal information is the norm (50 Hollywood celebrities) using OSPI via the Internet. This paper presents a discussion of the work-in-progress related to the development and validation of SEXI instrument due to OSPI.
