
Social engineering

26 Jan 2007 | By Dan Sullivan, Realtimepublishers


This is tip No. 5 in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage, published by Realtimepublishers.

Social engineering is the practice of deceiving legitimate users of a system into disclosing information that will aid the attacker in compromising system security. A simple example is calling a user and pretending to be someone from the service desk working on a network issue; the attacker then proceeds to ask questions about what the user is working on, what file shares she uses, and what her password is.

A successful social engineering act requires the trust of the victim, so user awareness training about the problem is an effective countermeasure. Strict policies about service desk staff never asking for personally identifying information or passwords over the phone or in person can also help potential victims recognize a social engineering attempt.


How to Assess and Mitigate Information Security Threats
  Introduction
  Malware: The ever-evolving threat
  Network-based attacks
  Information theft and cryptographic attacks
  Attacks targeted to specific applications
  Social engineering
  Threats to physical security
  Balancing the cost and benefits of countermeasures

This chapter excerpt from the free eBook The Shortcut Guide to Protecting Business Internet Usage, by Dan Sullivan, is printed with permission from Realtimepublishers, Copyright 2006.
