David08

@David08

Joined on Apr 16, 2021

  • Definition: Social engineering (SE) is any act that influences a person to take an action that may or may not be in their best interests; it takes advantage of the fact that gender, racial, age, and status biases (as well as combinations of those biases) exist.
    Why learn about SE: Most people think of social engineering as someone wanting to gain small favours or as obvious manipulation. However, there is more to it from a security standpoint:
    1. Identifying loopholes - this is the process of identifying vulnerabilities within the chain, say in an organization, by conducting simulated phishing and even physical intrusion campaigns. It helps the organization update its risk register and matrix as far as physical and information security are concerned.
    2. Training to defend - after the loophole has been identified, it needs to be patched. This has to involve training of the relevant stakeholders because, as Kevin Mitnick put it, "There is no patch to human stupidity".
  • Having looked at the general attack vector of social engineering, let's look at how we can prevent or detect social engineering that comes via email (phishing);
  • In the current digital world, almost everyone has access to the internet via their mobile phones and smart devices, and we need to have control of our assets and devices from the comfort of our smartphones. All of this is made possible by networking, and it is therefore important to ensure that all this integration is safe.
    Definition: Network security is the protection of hardware, software, information and all underlying architecture in a given network.
    Network security is not a technical problem; it is a business and people problem. Technology is the easy part. The difficult part is developing a security plan that fits the organization's business operation and getting people to comply with the plan. To make people adopt the plan in place for network security, it is key that each person knows the assets, maps each to its value, prioritizes them and develops a cost-benefit analysis. This is where risk assessment comes into play: it is crucial in developing proportionate defenses and requires an understanding of possible threats and vulnerabilities. The basic steps for risk assessment are as follows:
    - Identifying and prioritizing assets
    - Identifying vulnerabilities, threats and their probabilities
    - Identifying countermeasures