9.55C Social Engineering: The Human Side of Security

SECURE-U

Summary

Research shows that the most damaging penetrations of an organization's security system often come with help from the inside – an unfortunate employee who has fallen victim to “social engineering.”

The strongest defense for an organization against social engineering is an educated employee. But a well-educated employee must be armed with more than just the information about what social engineering is. He or she must be part of a security-conscious organization.

In this course, we will explore the oldest trick in the book (and the most underrated threat), social engineering, and steps you can take to reduce the threat.

This class will lead the student through real-world examples of social engineering attacks, including email, telephone, SMS, shoulder surfing and other physical and digital attacks.

We will look at actual examples of attacks and how to recognize and respond to them. Examples will be taken from actual methods used by criminals and by our auditors.

Audience

This course is relevant to all employees.

Objectives

By the completion of this course, students will:

  • Understand social engineering and how it is used to compromise security.
  • Become familiar with the tricks and tools that are used to gain trust.
  • Learn steps to identify an attack.
  • Understand the proper procedure for responding to an attack.
  • Understand the ramifications of falling victim to these attacks.

Topics

  • Social Engineering definitions, examples, and statistics.
  • Security awareness:
      • Understand threats
      • Clues to identify a threat
      • Gauging vulnerabilities to attacks
      • Reducing exposure to attacks
      • Defending against attack
  • Tactics used by social engineers from dumpster diving to impersonation.
  • Prevention and detection of social media scams

ONLINE COURSE EQUIVALENT

CSU 300 The Human Side of Security

Course Offerings Schedule

Future times and dates are to be determined.