Week 2 Element K Activity
University of Phoenix
January 28, 2012
Discuss the role that preparing employees to recognize and respond to social engineering techniques should play in the organization’s overall information security program.
Preparation and training for employees to recognize social engineering techniques should be of utmost importance to any organization’s overall information security program. This includes the processes of explaining the importance of keeping the organization’s information secure, explaining how to keep the information secure and explaining the consequences employees will face if they are found in violation of the company’s security policies. Without ensuring each employee has an understanding of the above mentioned areas, expecting information to be kept secure is not a realistic option for any company.
There are many things that can happen if an organization’s information gets into the wrong person’s hands – identity theft, fraud and other types of cyber crimes that could potentially cause even the biggest of businesses to close down shop if the problem was big enough. That being said, with careful planning and strictly enforced policies to secure an organization’s information, there is a better chance at defending the information from intruders and wrongdoers. Of course, there’s no such thing as 100-percent security when it comes to information security, but having employee’s who are prepared and know what to do when an intrusion or other suspicious activities occur will definitely help to prevent any mishaps.
Note three specific social engineering techniques. Discuss how they can be recognized and how to best prepare employees for each potential attack.
* Familiarity Exploit – This type of social engineering technique sees an intruder doing everything they can to appear familiar in an area where they are not authorized to be, allowing the intruder to carry out malicious doings. As an example, a...