Why Social Engineering Security Is So Important

Social engineering, in the context of information security, refers to the psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.

The term "social engineering" as an act of psychological manipulation is also associated with the social sciences, but its usage has caught on among computer and information security professionals.

Countermeasures Suggested:

Organizations reduce their social engineering security risks by:

1. Establishing frameworks of trust on an employee/personnel level (i.e., specifying when/where/why/how sensitive information should be handled, and training personnel accordingly)

2. Identifying which information is sensitive and evaluating its exposure to social engineering and breakdowns in security systems (building, computer system, etc.)

3. Establishing security protocols, policies, and procedures for handling sensitive information (e.g., the standard operating procedure, or SOP, of any job).

4. Training employees in security protocols relevant to their position. (e.g., in situations such as tailgating, if a person's identity cannot be verified, then employees must be trained to politely refuse.)

5. Performing unannounced, periodic tests of the security framework, and reviewing the above steps regularly: no solution to information integrity is perfect.

6. Using a waste management service that has dumpsters with locks on them, with keys limited to the waste management company and the cleaning staff. Locating the dumpster either in view of employees, so that trying to access it carries a risk of being seen or caught, or behind a locked gate or fence, where the person must trespass before they can attempt to access the dumpster.

