Qi’Anna Norman CRITICAL THINKING #1

1. Qi’Anna Norman CRITICAL THINKING #1

2. WHAT IS SOCIAL ENGINEERING?

3. SOCIAL ENGINEERING
   - Social engineering is the acquisition of confidential information from users that will be used to cause damage or harm to a company.
   - A social engineer preys upon a company's or a user's vulnerabilities by gaining trust through the impersonation of a valued employee or business.
   - Social engineering attacks can be physical and psychological.

4. WHAT ARE THE IMPLICATIONS FOR SOCIAL ENGINEERING ATTACKS?

5. IMPLICATIONS
   Social engineering attacks can be physical and psychological.
   - Physical Attacks: According to Dhillon (2013), in order for a physical attack to occur, the social engineer must physically be at the company's or business's physical location.
   - Psychological Attacks: The attacks occur through gaining trust by impersonating a valued person, such as a help desk technician. Attackers use persuasive techniques to convince the user to help them (Dhillon, 2013, p. 234).

6. IMPLICATIONS
   Some implications that social engineering is taking place within a business are:
   - If a person is being too helpful or friendly in regard to solving a system issue
   - If outside assistance is reaching out and asking for personal login information
   - If the person is asking for information outside of their prescribed security level
   - Unusual daily activity within a system by a user
   - Fraudulent charges found by customers through credit card statements

7. HOW AND WHY DOES A SECURITY BREACH HAPPEN?

8. SECURITY BREACH
   Security breaches happen when the company and the employee fail to follow proper information security measures.
   - According to the readings, security breaches happen because an employee blindly gives out information to a seemingly trusted individual.
   - Guidelines in a company's security policy do not specifically cover all bases of securing the company's information.

9. TECHNICAL VULNERABILITIES: Security Breaches

10. TECHNICAL VULNERABILITIES
    Technical vulnerabilities are risks that are presented to a company's computers, databases, and software systems. According to Dhillon (2013), some technical vulnerabilities that a company may encounter are:
    - System Architecture Server
    - Routing and firewall
    - Website Vulnerabilities
    - Server Spoofing
    - HTTP Attacks

11. SOCIAL VULNERABILITIES
    Social vulnerabilities are those risks presented by users sharing personal information, not being careful with who accesses security information, and working in an environment that doesn't take information security seriously. For example:
    - Sharing passwords
    - Logging onto prohibited websites
    - Using your company computer for non-work-related matters
    - Leaving personal/confidential information up on the computer screen when away from your workstation

12. PREVENTION: Social Engineering Attacks

13. HOW TO
    - The prevention of social engineering is quite simple. Company standards and expectations of their employees should go above and beyond when it comes to information security.
    - The security policy should state thorough definitions and instructions for employees and others directly and indirectly involved in the company to follow.

14. HOW TO
    - The company's technical security must never be compromised by a person impersonating an entrusted individual.
    - Physical security must verify a person's identity to ensure that a security breach does not take place.
    - A company website should not give out personal direct contact information of those individuals who hold positions that are imperative to the company's information security.

15. RESOURCES
    Dhillon, G. (2013). Enterprise Cyber Security: Principles and Practice. Washington, DC: Paradigm Books.

16. QUESTION
    How can an employee avoid being manipulated by a social engineer?