social engineering
Home > Security Definitions - Social engineering
SearchSecurity.com Definitions (Powered by WhatIs.com)
EMAIL THIS
LOOK UP TECH TERMS Powered by: WhatIs.com
Search listings for thousands of IT terms:
Browse tech terms alphabetically:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

social engineering

Show me everything on Security Awareness Training and Internal Threats

DEFINITION - In computer security, social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures. A social engineer runs what used to be called a "con game". For example, a person using social engineering to break into a computer network would try to gain the confidence of someone who is authorized to access the network in order to get them to reveal information that compromises the network's security. They might call the authorized employee with some kind of urgent problem; social engineers often rely on the natural helpfulness of people as well as on their weaknesses. Appeal to vanity, appeal to authority, and old-fashioned eavesdropping are typical social engineering techniques.

Another aspect of social engineering relies on people's inability to keep up with a culture that relies heavily on information technology. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. Frequently, social engineers will search dumpsters for valuable information, memorize access codes by looking over someone's shoulder (shoulder surfing), or take advantage of people's natural inclination to choose passwords that are meaningful to them but can be easily guessed. Security experts propose that as our culture becomes more dependent on information, social engineering will remain the greatest threat to any security system. Prevention includes educating people about the value of information, training them to protect it, and increasing people's awareness of how social engineers operate.

Learn more about Security Awareness Training and Internal Threats
How to prevent phishing attacks with social engineering tests: Is your enterprise capable of withstanding today's phishing attacks? Sherri Davidoff reviews how you can test your employees.
Trust eroding as social engineering attacks climb in 2009, says Kaspersky expert: Kaspersky Lab researchers have tracked more than 25,000 malware samples spreading through social networks in 2009.
Securing Web apps against authenticated users: Improve Web site security by securing Web applications from authenticated users and avoiding client-side authentication.
Thwarting insider threats: Five simple measures you can take to protect your organization from insider attacks.
Information security book excerpts and reviews: Visit the Information Security Bookshelf for book reviews and free chapter downloads.
Schneier, Ranum debate social networking risks: Should companies be concerned about employees' social networking? Bruce Schenier and Marcus Ranum take opposite sides on this issue.
How to choose the right SIM: There are dozens of security information management (SIM) tools on the market and they each have their own strengths and weaknesses. Choosing the wrong solution, however, is not just an issue of ...
Quiz: Anatomy of an attack: Take this five-question quiz and test your knowledge of social-engineering and data-mining attacks.
Security Metrics: Replacing Fear, Uncertainty, and Doubt: In this chapter excerpt from "Security Metrics: Replacing Fear, Uncertainty and Doubt," author Andrew Jaquith reveals ways to present security data in a clean and elegant manner.

LAST UPDATED: 08 Oct 2009

Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com

More resources from around the web:
- On SecurityFocus, Sarah Granger provides "Social Engineering Fundamentals, Part I: Hacker Tactics."
- On SearchSecurity.com, Kevin Komiega describes how "Hacker tactics prey on gullible, curious."





FILE EXTENSION AND FILE FORMAT LIST
File Extension and File Format List:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #


RELATED CONTENT
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads.
Schneier-Ranum face-off, part 2: Social networking
Is there a way that enterprises can allow social networking securely, or are sites like Facebook and Twitter simply too risky for enterprise...
Health Net breach failure of security policy, technology
Investigators should question why an external hard drive contained seven years of data, but IT security should have had the appropriate security...

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
dumpster diving  (SearchSecurity.com)
Honeynet Project  (SearchSecurity.com)




Get More social engineering Answers
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2010, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts