
Social Engineering

posted 30 Dec 2009, 00:27 by Kanav Gupta
Train Employees to Spot and Stop the Scams
You have invested smartly in information and physical security, and you think your organization is safe from external attacks? Well, the strongest defenses in the world are worthless if someone leaves the gate open. That "someone" is any one of your well-intentioned employees, and the key to the "gate" is that individual's susceptibility to social engineering. Register for this webinar to receive expert advice on:
  • The Latest Social Engineering Scams;
  • Why Social Engineering Is So Effective;
  • What Happens After You Have Been "Socialed";
  • Proactive Measures To Mitigate the Effects of "Being Socialed";
  • How to Test Your Employees' Preparedness;
  • How to Test the Effectiveness of Your Awareness Efforts.
Despite all the media hype about hackers and viruses, the greatest threats to an organization's information security are the employees of the company. They're the ones who too often, too willingly, fall victim to Social Engineering ploys and open the doors wide to slick-tongued fraudsters.

When an intruder targets an organization for attack, be it for theft, fraud, economic espionage, or any other reason, the first step is reconnaissance. They need to know their target. The easiest way to conduct this task is by gleaning information from those who know the company best. Their information gathering can range from simple phone calls to dumpster diving. It is not beyond an attacker to use everything at their disposal to gain information. Much like a telemarketer who badgers an elderly couple into investing in fraudulent stock, a social engineer uses all the tricks in the book to obtain the goal.

Being cognizant of these types of attacks, educating your employees about the methodologies of the attacks, and having a plan in place to mitigate them are essential to surviving these manipulations.

This presentation focuses on the core issues of social engineering's methodologies, effectiveness and prevention - as well as how to test the effectiveness of your training efforts. These core components include:

  • Identifying the many forms in which the attack may occur;
  • Understanding the intention of the attack;
  • Educating the potential victims;
  • Creating a policy to minimize the impact of the attack;
  • Testing employees' abilities to sniff out social engineering scams;
  • Managing a program to ensure that ongoing reviews and updates are in place;
  • Regular testing to ensure the effectiveness of your training initiatives.

You will understand social engineering methodologies, why social engineering is the most effective tool in attacking a company and why so many people fall victim. You will also learn the importance of effective corporate communication and incident response planning, and how they can prevent attacks from occurring in the first place. You will discover new ways to test the effectiveness of your awareness efforts. And finally you will learn what to do "next" after the attack has occurred. Can you put the genie back in the bottle? Yes, if you know where the genie is likely to go next.