Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Social engineering brief

626 vues

Publié le

Self-read brief on social engineering - definition, activities, tactics, defense

Publié dans : Business, Technologie
  • Soyez le premier à commenter

  • Soyez le premier à aimer ceci

Social engineering brief

  1. 1. Social Engineering Brief >> 08.06.2012 Social Engineering
  2. 2. Social Engineering Brief >> 08.06.2012Social EngineeringNew media and new socialapplications add to the long list oftools and techniques to elicit criticalbusiness information fromemployees. This information can beused to harm businesses and to putthem in a disadvantage position intheir competitive environment.
  3. 3. Social Engineering Brief >> 08.06.2012DefinitionSocial engineering is a non-technical way of intrusion thatexploits human behavior based onhuman interaction. Often socialengineering involves false claims,statements and identities to tricktarget individuals and have thembreak normal security procedures.Actually, social engineering is part ofall kinds of exploits.
  4. 4. Social Engineering Brief >> 08.06.2012ActivitiesPhishing – per e-mail or telephoneemployees are convinced todisclose sensitive informationMalware – employees are urged torun virus infected software oncorporate devicesShoulder surfing – social engineerslook over employees’ shoulders tomemorize passwords
  5. 5. Social Engineering Brief >> 08.06.2012ActivitiesDustbin searching – socialengineers search and analyzedustbin contentPassword guessing – socialengineers take advantage ofemployees’ natural habit to usepasswords that are meaningful totheir personal circumstances andthus can be easily guessed
  6. 6. Social Engineering Brief >> 08.06.2012TacticsSocial Engineering exploits humanbehavior and addresses traits suchas vanity, lack of self-confidence,greed, craving for recognition,helpfulness … A supportive fact tosuccessful social engineering is thatnowadays employees have notcompletely grasped the value ofinformation in general and ofbusiness related information inparticular. The complexity of theinformation society adds to this, too.
  7. 7. Social Engineering Brief >> 08.06.2012DefendBeyond a comprehensive and strictcorporate information policy andemployee guideline, there are fourrules that can be easily followed toprotect the employee and theemployer against social engineering:First rule – inhale and follow thecorporate information policy andguideline
  8. 8. Social Engineering Brief >> 08.06.2012DefendSecond rule – avoid time pressure;ask for a telephone number or e-mail address to get back in touchThird rule – verify claims /statements which put you on thespot and urge you to act withoutthinking; verify the urgency, theindividual, the situation, the requestat all
  9. 9. Social Engineering Brief >> 08.06.2012DefendFourth rule – in case of uncertaintyimmediately involve superiors /security personal
  10. 10. Social Engineering Brief >> 08.06.2012INFO + DATENINFO + DATEN GmbH & Co. KGUdo HohlfeldP: +49 6731 5493512M: contact @ infoplusdaten . netW: www.infoplusdaten.net