Hacking the Human

Contributed by David McDaniel
Information security professionals must plan for, identify, and mitigate threats originating from a myriad of sources. While these individuals and teams are required to implement numerous technological controls and protections such as firewalls, intrusion detection systems, strong password usage, and even encryption, the threat that is often overlooked is one from an inside vector. These insider threats frequently take the form of social engineering attacks by external actors on the organization’s employees. In this paper, the author begins by providing an introduction to social engineering, briefly explaining its history with regard to information security. Next, the author explains several types and vectors of social engineering attacks. The third segment of this paper focuses on recent high-profile social engineering attacks. In the fourth and final part of this paper, the author explains several strategies for mitigating and defending against social engineering attacks.
This document is in PDF format. To view it click here.
