Question

As you analyze any modern corporate setup, you will see that companies want to ensure that all users are aware of their own individual responsibility to help protect the enterprise. Social engineering (SE) is becoming a more prevalent threat at all levels of business. To combat it, you first need to understand it. Therefore, you must complete the following: Describe what social engineering is and explain its existence and prevalence. Explain why SE is an important part of an information technology security course. Discuss employee and management responsibilities with regard to information security and combating SE. Make sure your work clarifies your opinion as to who carries more responsibility for preventing SE-the employees or management. Provide examples to back up your statements. Prepare a 1-2 page Word document that covers the above areas.

Answer 1

Describe what social engineering is and explain its existence and prevalence?

Social engineering is a hacking technique to trick people or victim to reveal their sesitive,confidential,important or secret information to an attacker. Types of attacks perform by attacker are phishing mail, sms,pretexting, baiting, tailgating etc.

If we talk about existance and prevalence of social engineering it existance is very common you can easily observe that you have already attacked by these type of social engineering attacks very often like you recieving fraud calls that they are asked you to give your credit/debit card details , fake job vacancy emails/sms , some type of lottery sms or prize winning sms, phising page links via mail or sms these all are the social engineering attacks.

Explain why SE is an important part of an information technology security course.

Socail engineering is an important part of an imformation technology security course because when any attack is perfomed by an attacker it always starts from the social engineering like attacker first finds the loopholes of the organisation by manipulate the employee or management to reveal their organisation security infrastructure or what level of security system they are using by physically meet them. He will easily get those imformation from these type of employee or management staff who are unaware of social engineering because they don't know what imformation to reveal or what to not that's why social engineering is an important part of an information security course.

Discuss employee and management responsibilities with regard to information security and combating SE.

Management responsibilities with regard to information security and combating social engineering is to increase their security level means that unauthorize people can't enter to sensitive area of the organisation because it prevents many physical attack caused by social engineering attacks update their firewall policies to prevent any malicious or phishing traffic get into to their organisation. Regularly conduct workshops or awareness program on information security for employee and management of the organisation which makes aware them towards social engineering attacks.

Employee responsibilities with regard to information security and combating social engineering is to follow company security policies. not reveal any information about their company which may lead to security issue with anyone not even with friends. regurally attend awareness programe conducted by the organisation if employee find something like any social engineering attack to their system like any phishing mail or url or any attack his responsibility it to repost to its information security management immediately.

Make sure your work clarifies your opinion as to who carries more responsibility for preventing SE-the employees or management.

In my opinion Employees carries more responsibility for preventing social engineering than management because attacker always target the emmployees of the organisation because they know most of the employees are unaware of social engineering attack this will be more clear by an example

Suppose a employee Alice and attacker bob are close friend and they always meet and spent time together after work hours management of the company have done their best like they have installed the best security infrastructure in their organisation but attacker bob wants to attack them but due lack of imformation about comspany security he can't then he starts talking alice about their company security infrastructure and alice who are unaware of social engineering easily reveal all the imformation that the attacker bob required after getting imformation he will finds the loopholes of their system and able to perform the attack that's why employee is more responsible than management to prevent social engineering.

Please hit the like button if you find this helpful for you THANK YOU AND HAPPY LEARNING:)