Social engineering

The fith tip in our series "How to assess and mitigate information security threats."

Published: 26 Jan 2007 0:00

This is tip No. 5 in our series, " How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published by Realtimepublishers.

Social engineering is the practice of deceiving legitimate users of a system into disclosing information that will aid the attacker in compromising system security. A simple example is calling a user and pretending to be someone from the service desk working on a network issue; the attacker then proceeds to ask questions about what the user is working on, what file shares she uses, what her password is.

A successful social engineering act requires the trust of the victim, so user awareness training about the problem is an effective countermeasure. Strict policies about service desk staff never asking for personally identifying information or passwords over the phone or in person can also help potential victims recognize a social engineering attempt.

How to Assess and Mitigate Information Security Threats
Introduction
Malware: The ever-evolving threat
Network-based attacks
Information theft and cryptographic attacks
Attacks targeted to specific applications
Social engineering
Threats to physical security
Balancing the cost and benefits of countermeasures

This chapter excerpt from the free eBook The Shortcut Guide to Protecting Business Internet Usage, by Dan Sullivan, is printed with permission from Realtimepublishers, Copyright 2006.

Read more on IT risk management

All
News
In Depth
Blog Posts
Opinion
Photo Stories
Videos

Latest News

Download Computer Weekly

In The Current Issue:
- Cisco pays $8.6m after whistleblower discloses security flaws in video surveillance system
- AI storage: Machine learning, deep learning and storage needs
- Use Windows 7 end of life to update desktop productivity
Download Current Issue

Latest Blog Posts

How C3M is easing multi-cloud management – Eyes on APAC
IBM floats another cloud strategy – Cliff Saran's Enterprise blog
View All Blogs

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

SearchCIO

Blurring the lines between RPA platforms and APIs

RPA is quickly making itself known in the automation market, but the real game changer is utilizing the technology in an API-rich...
Preparing for a 5G deployment: 5 things CIOs need to do now

Experts discuss the five moves CIOs should be making right now to ensure they are prepared to take hold of 5G as it becomes more ...
New class of cloud security suite promises next-gen protection

Nemertes analyst John Burke points CIOs to a new type of cloud security offering that combines the functions of VPN, cloud ...

SearchSecurity

DevOps security checklist requires proper integration

There are a lot of moving parts to adding security into a DevOps environment. Using application testing DevOps security tools are...
How to identify and evaluate cybersecurity frameworks

Not all frameworks for cybersecurity are equal. ESG's Jon Oltsik explains what attributes make a cybersecurity framework and how ...
Microsoft discovers BlueKeep-like flaws in Remote Desktop Services

Microsoft disclosed four remote code execution flaws in Remote Desktop Services that are similar to BlueKeep, as well as other ...

SearchNetworking

Compare the leading SD-WAN vendors before you buy

This SD-WAN vendor comparison chart is a useful starting point to get information about SD-WAN deployment options, pricing, cloud...
Cisco faces sales slump amid Chinese tariffs, falling SP revenues

Cisco forecast weak revenue growth in the current quarter, as service provider sales fell and product orders were flat. The ...
The top AIOps use cases in network performance management tools

AIOps use cases in network performance management include automating certain network functions, including traffic analysis. But ...

SearchDataCenter

How to get out of a bad colocation contract

Renegotiation, legal action and cancellation are all options if your colocation service agreement isn't up to par. But each ...
5 steps to include on your software update checklist

Training, testing and automation are all essential components to software updates. Implementing these concepts makes version ...
Cray exascale computer to modernize aging nuclear weapon stockpile

The U.S. is buying an exascale system from Cray Inc., its third from the company which is now being acquired by HPE. The $600 ...

SearchDataManagement

AWS Lake Formation goes GA, as cloud data lake market grows

First released in late 2018, AWS Lake Formation is now generally available and it could be the force that helps to accelerate ...
Apollo data graph brings managed federation to enterprises

The new Apollo update is intended to enable organizations to federate multiple enterprise data sets more easily and use APIs to ...
Data management roles: Data architect vs. data engineer, others

Veteran data professional Michael Bowers differentiates between key data management positions, including their salaries and which...

Close