The focus of this research was to explore present control methods and solutions used throughout technology-based, healthcare-based, and manufacturing-based organizations in southwest Georgia to determine their effectiveness for reducing potential threats. Semi-structured interviews with open-ended questions are used to explore 30 information technology professionals' lived experiences with IT security policies and procedures. Two research questions guided the qualitative exploratory case study: How important is social engineering and enterprise security to the organization? and How are organizations evaluating and managing existing organizational solutions? Several themes emerged: (a) lack of education and inadequate information can affect the decision-making process, (b) response times from management is a key factor in reducing threats, (c) a sense of failure is always present, (d) failed IT policy management can increase organizational vulnerability, and (e) social engineering still has a negative stigma in the business environment. The findings suggest that although steps were made to change the perception of social engineering and enterprise security, additional work is needed to ensure employees are aware of how social engineering and enterprise security can affect their organization productivity. Key Words: Information systems, information technology, social engineering, enterprise security, control methods, policies, procedures, management