Social engineering

The fith tip in our series "How to assess and mitigate information security threats."

Published: 26 Jan 2007 0:00

This is tip No. 5 in our series, " How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published by Realtimepublishers.

Social engineering is the practice of deceiving legitimate users of a system into disclosing information that will aid the attacker in compromising system security. A simple example is calling a user and pretending to be someone from the service desk working on a network issue; the attacker then proceeds to ask questions about what the user is working on, what file shares she uses, what her password is.

A successful social engineering act requires the trust of the victim, so user awareness training about the problem is an effective countermeasure. Strict policies about service desk staff never asking for personally identifying information or passwords over the phone or in person can also help potential victims recognize a social engineering attempt.

How to Assess and Mitigate Information Security Threats
Introduction
Malware: The ever-evolving threat
Network-based attacks
Information theft and cryptographic attacks
Attacks targeted to specific applications
Social engineering
Threats to physical security
Balancing the cost and benefits of countermeasures

This chapter excerpt from the free eBook The Shortcut Guide to Protecting Business Internet Usage, by Dan Sullivan, is printed with permission from Realtimepublishers, Copyright 2006.

Read more on IT risk management

All
News
In Depth
Blog Posts
Opinion
Photo Stories
Videos

Latest News

Download Computer Weekly

In The Current Issue:
- How to mitigate IoT security risks to tap business benefits
- GDPR compliance: Whose job is it and is it really possible?
- On-premise object storage: Key products and use cases
Download Current Issue

Latest Blog Posts

The demise of Lehman Brothers sparked Inbotiqa’s flame: Fintech interview 29 – Fintech makes the world go around
Ripple invests in Swedish open source start-up Towo Labs – Open Source Insider
View All Blogs

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

SearchCIO

Adobe, Uber on the challenges of digital transformation

Digital transformation initiatives may be all the rage in the enterprise, but they also pose significant challenges to CIOs and ...
Cloud migration failures and how to prevent them

Companies are moving more applications than ever to the cloud, but many of these initiatives fail. Learn how to avoid making your...
Achieving business value from cognitive collaboration

CIOs can take advantage of AI to improve employee and customer collaboration with cognitive capabilities that are now available ...

SearchSecurity

Exposed Docker hosts open the door for cryptojacking

Security researchers discovered a new Docker worm that has been targeting exposed hosts in order to spread cryptojacking malware ...
Essential instruments for a pen test toolkit

Does your penetration testing toolkit have the proper contents? Learn the must-have tool for any pen tester, as well as specific ...
Imperva breach update puts blame on exposed AWS API keys

Imperva CTO Kunal Anand posted updated information regarding the recent breach affecting Cloud WAF customers and admitted poor ...

SearchNetworking

Gluware network automation update addresses OS changes

Gluware adds to its network automation platform easier management of changes to device configurations and operating systems.
3 potential multi-cloud challenges that could go unnoticed

Disaster recovery, vendor lock-in and cost are major factors as organizations evaluate multi-cloud strategies. However, these ...
After ransomware virus, Merck's medicine was network automation

After a ransomware attack, Merck decided the best remedy was to deploy network automation tools designed to transform how it ...

SearchDataCenter

Improve server rack physical security with ISO standards

Safeguarding information access is essential to data center operations. With ISO Standard 27001 and the right locking mechanisms,...
Essential private cloud migration steps

Executive buy-in, application evaluation and tool configuration are all important parts of cloud selection. With these steps, ...
IBM quantum computers' usefulness in sight -- using binoculars

IBM's Bob Sutor discusses Big Blue's new quantum systems and computation center, the realities of quantum computing today and how...

SearchDataManagement

Apache Rya matures open source triple store database

Open source triple store database technology used by the U.S. Navy moves forward as a stable, mature project at the Apache ...
PostgreSQL 12 boosts open source database performance

Widely used open source PostgreSQL database platform gets a major update providing users with new SQL query capabilities for JSON...
Data integration vs. ETL in the age of big data

Data integration provides a consistent view of business performance across multiple data sources, though it needs to keep up with...

Close