The main goal of this study is to identify social engineering and its role in maintaining information security and privacy. It introduces the risks of social engineering and its spread, and identifies the role of information security in the face of social engineering and how the personal characteristics of individuals affect their vulnerability to exploitation. This is a descriptive study that relied on the content analysis methodology, reviewing previous studies, interviews and research. The study concluded with a number of recommendations, including that social engineering should be controlled or at least limited when it comes to information security, as many people focus on technical security, since technical solutions such as firewalls, authentication rules, encryption, access restrictions and permissions are necessary for information security in the organization because they can prevent attacks.