Vut2-Rtft Task 1 Essay
Competency 427.2.4: Advanced Social Engineering
William J. Lawson
MS Information Security & Assurance - 5/1/13
My Mentor: Mary Gordon c: 317-448-3045
Indianapolis, IN - Eastern Time firstname.lastname@example.org[->0] A. Create a memo discussing how you believe the intruder gained access to the company's network using social engineering.
Incident Memo to Management Recently The Company was a victim of a Social Engineering (SE) attack, perpetrated by an unknown entity. Social Engineering is a method used by confidence men (con-men) to acquire information through human interaction that will be used to support a cyber attack. It often involves some form of trickery. …show more content…
Recommendations will aid to prevent future attacks, Educate Employee's to: • Not disclose passwords – While some may think this is common sense, human may still be inclined to give their password(s) to an helpdesk technicians or someone of authority, don't.. Even if there is a policy in place to never disclose passwords. Continue to inform employees that passwords are not to be disclosed under any circumstances (Schifreen, 2006). • Not to randomly disclose IT Information – Do not participate in surveys. A cyber criminal can use what is learned from a survey to pretend to be a vendor or a support person in order to gain additional information or access. If you receive a call from someone claiming to be a vendor representative, don't provide information. Document the person’s name and contact information, then call the vendor contact that you have on file directly with the goal of validating the person who called you claiming to be a vendor representative. • Restrict information provide in Out Of Office Messages – Do not provide, the length of time that you will be unavailable, nor alternate contacts with direct numbers, and emails. Never state that you will be unreachable. What you should do is ask people to contact the switch board operator who can provide information as needed or