This is a whitepaper published by MS (download here). From the download page:

Gain valuable information about the concepts of social engineering within the IT security workspace. In section one, the guide provides a working definition of social engineering that can be used within a company's security policies and is meaningful to non-IT security staff. The guide describes the aims and objectives of an attacker and shows how social engineering, like hacking, is a threat to all businesses, not just enterprise or government institutions. The guide will also cover:

• Social engineering and the defense-in-depth layered model
• Social engineering threats and defense
• Online, telephone-based, and waste management threats
• Personal approaches
• Reverse social engineering
• Designing and implementing defenses against social engineering threats
• Developing a security management framework
• Risk management
• Social engineering in the organizational security policy
• Awareness
• Managing incidents
• Operational considerations
• Security policy for social engineering threat checklists