Social engineering is any method used to manipulate the action of a person to gain unauthorized access to a system. Social engineering isn't limited to just cyberspace; it's done every day in real life. It can be something illegal, like people posing and acting like law enforcement, or something completely legal, like a salesman attempting to lure you into buying their product.
One primary additional deliverable would be to create in-house test trials and test the employees. Create realistic-looking emails coming directly from the HR, IT, or Front Desk department, and test whether or not the employee actually does what they are supposed to do to verify that the email is coming from a legit source before clicking any links. Call employees on their extension numbers and pose as someone coming from within the company. Like, 'Hi, this is Bob from IT.' See if the employee asks around to see if 'Bob' actually exists, and if he does (in the event a scammer knows that a Bob exists within the company), see if he was actually in the office that day.
Testing the employees on the various types of social engineering attacks out there, not just through email, will train them to continually look out for this type of thing in all kinds of scenarios.
- Would your peer's recommended deliverable appeal to you as an employee? Why or why not?
- Do you think any elements were missing from the lesson your peer reviewed? Explain.
