How to Protect Companies from Social Engineering Threats

WHO SHOULD READ: This paper provides security management information about the threats posed by social engineering and the defenses that are available to help resist social engineering hackers. Social engineering describes primarily non-technical threats to company security. The broad nature of these potential threats necessitates providing information about threats and potential defenses to a range of management and technical staff within a company, including:

 

• Board management
• Technical operation and service managers
• Support staff
• Security staff
• Business managers

 

OVERVIEW: Gain valuable information about the concepts of social engineering within the IT security workspace. In section one, the guide provides a working definition of social engineering that can be used within a company’s security policies and is meaningful to non-IT security staff. The guide describes the aims and objectives of an attacker and shows how social engineering, like hacking, is a threat to all businesses, not just enterprise or government institutions. The guide will also cover:

 

• Social engineering and the defense-in-depth layered model
• Social engineering threats and defense
• Online, telephone-based, and waste management threats
• Personal approaches
• Reverse social engineering
• Designing and implementing defenses against social engineering threats
• Developing a security management framework
• Risk management
• Social engineering in the organizational security policy
• Awareness
• Managing incidents
• Operational considerations
• Security policy for social engineering threat checklists

 

–> Download Word Doc Here <–

 

 

–> Read Online @ TechNet <–