Topic: Managing the Social Engineering Threat
People can be the weak link in a security system. Often, a simple social engineering attack can bypass sophisticated and expensive computer security mechanisms. Although a company may install firewalls and intrusion detection systems, an untrained user may still fall for a phishing attack and give an attacker log-on credentials in response to a clever e-mail. Social engineering works because people are generally trusting and presume that messages they get through e-mail are legitimate. Therefore, it is important to train users on how to detect and avoid social engineering attacks.
Submit a 2- to 3-page document that contains responses to the following questions:
List three social engineering attacks that someone might use to try to get credentials from an employee. In each case, state what type of training might help the employee rebuff the attack.
Specifically, if a social engineering threat involved a charismatic person attempting to get credentials, in person or over the phone, what key points would you use in an employee training program to help employees best deal with this type of situation?
Discuss a social engineering attack or attempt that you have experienced, such as a fraudulent e-mail or a scam in an online auction. Did you detect the attack? How did you eventually decide it was a scam or attack? What was the outcome? Did you take any actions as a result?
Your document should conform to APA style.