This presentation is for INFO 644 CT#1
INFO 644 CRITICAL THINKING #1
Vincent Leone
CRITICAL THINKING #1
AGENDA
• What is Social Engineering?
• Implications for Social Engineering attacks
• Social Engineering Examples
• How do perpetrators breach security?
• Technical & Social Vulnerabilities
• Preventing Social Engineering Attacks
Social Engineering (SE) – The gaining of information from legitimate users for illegitimate access.
Social Engineering is nothing more than an old-fashioned con game in a high-tech world!
Social Engineering attacks can result in the theft of:
• Intellectual property
• Client lists
• Account details
• Organization finances
• Government classified information
• Customer data: SSNs, birthdates, credit card numbers
Social Engineering Examples:
• Phishing
• Piggybacking
• Shoulder surfing
• Computer technician
• Customer service
• Blackmail
• Bribery
Who are the perpetrators responsible for breaching information systems security?
• Hackers
• Identity thieves
• Foreign governments – espionage
• Corporate competitors
• Disgruntled employees – internal threat
Technical Vulnerabilities:
• Weak passwords
• Remote access
• Poor firewalls
• Civilian e-mail
• Systems are interconnected (VCU Portal)
Social Vulnerabilities:
• Overconfident personalities
• Trusting people who want to help others
• Employees who do not follow policies
People are the largest vulnerability in any system!!
Preventing Social Engineering Attacks:
• Provide awareness training
• Conduct social engineering penetration attacks
• Mandate strict adherence to organization information security policies
• Make social engineering part of an organization’s defense strategy
FINAL QUESTION
What is the single best way to combat social engineering attacks?