Social engineering
The fith tip in our series "How to assess and mitigate information security threats."
Social engineering is the practice of deceiving legitimate users of a system into disclosing information that will aid the attacker in compromising system security. A simple example is calling a user and pretending to be someone from the service desk working on a network issue; the attacker then proceeds to ask questions about what the user is working on, what file shares she uses, what her password is.
A successful social engineering act requires the trust of the victim, so user awareness training about the problem is an effective countermeasure. Strict policies about service desk staff never asking for personally identifying information or passwords over the phone or in person can also help potential victims recognize a social engineering attempt.
How to Assess and Mitigate Information Security Threats
Introduction
This chapter excerpt from the free eBook The Shortcut Guide to Protecting Business Internet Usage, by Dan Sullivan, is printed with permission from Realtimepublishers, Copyright 2006.
Read more on IT risk management
-
![]()
Security Think Tank: What you need to know about addressing the doxing threat
By: Larry Wlosinski
-
![]()
Most hackers can steal data within 24 hours, study shows
By: Warwick Ashford
-
![]()
Verizon: Human error still among the top data security threats
By: Ben Cole
-
![]()
Chinese APT group abused Dropbox to spread LOWBALL malware
By: Rob Wright
