Presentation is loading. Please wait.

Presentation is loading. Please wait.

SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.

Published byJohn Carr Modified over 9 years ago

Similar presentations

Presentation on theme: "SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say."— Presentation transcript:

1 SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say Something! 1

2 Objectives  Understand the principles of social engineering  Define the goals of social engineering  Recognize the signs of social engineering  Identify ways to protect yourself from social engineering Security is Everyone's Responsibility – See Something, Say Something! 2

3 What is Social Engineering 1. At its core it is manipulating a person into knowingly or unknowingly giving up information; essentially 'hacking' into a person to steal valuable information. Psychological manipulation Trickery or Deception for the purpose of information gathering Security is Everyone's Responsibility – See Something, Say Something! 3

4 What is Social Engineering 2. It is a way for criminals to gain access to information systems. The purpose of social engineering is usually to secretly install spyware, other malicious software or to trick persons into handing over passwords and/or other sensitive financial or personal information Security is Everyone's Responsibility – See Something, Say Something! 4

5 What is Social Engineering 3. Social engineering is one of the most effective routes to stealing confidential data from organizations, according to Siemens Enterprise Communications, based in Germany. In a recent Siemens test, 85 percent of office workers were duped by engineering. “Most employees are utterly unaware that they are being manipulated,” says Colin Greenlees, security and counter-fraud consultant at Siemens. Security is Everyone's Responsibility – See Something, Say Something! 5

6 What are they looking for Obtaining simple information such as your pet's name, where you're from, the places you've visited; information that you'd give out freely to your friends. –Think of yourself as a walking computer, full of valuable information about yourself. You've got a name, address, and valuables. Now categorize those items like a business does. Personally identifiable data, financial information, cardholder data, health insurance data, credit reporting data, and so on… Security is Everyone's Responsibility – See Something, Say Something! 6

7 What are they looking for Take a close look at some of the 'secure' sites you log into. Some have a 'secret question' you have to answer, if you cannot remember your username or password. The questions seem pretty tough for an outsider looking into trying to hack into your account. What's the name of your first pet? What is your maiden name? When was your mother/father born? Where were you born? Do these sound familiar? Security is Everyone's Responsibility – See Something, Say Something! 7

8 Tactics 1.Pretexting – Creating a fake scenario 2.Phishing – Send out bait to fool victims into giving away their information 3.Fake Websites – Molded to look like the real thing. Log in with real credentials that are now compromised 4.Fake Pop-up – Pops up in front of real web site to obtain user credentials Security is Everyone's Responsibility – See Something, Say Something! 8

9 Protecting Yourself A security aware culture can help employees identify and repel social engineering attacks  Recognize inappropriate requests for information  Take ownership for corporate security  Understand risk and impact of security breeches  Social engineering attacks are personal  Password management  Two factor authentication  Physical security  Understand what information you are putting on the Web for targeting at social network sites GoogleTwitter MySpace Facebook Personal Blogs LinkedIn Security is Everyone's Responsibility – See Something, Say Something! 9

10 Protecting Yourself 1.Network defenses to repel virus Virus protection (McAfee, Norton, Symantec, etc…) Email attachment scanning Firewalls, etc… 2.Organizations must decide what information is sensitive 3.Security must be periodically tested 4.Contact your security office immediately if you have any concerns at work Security is Everyone's Responsibility – See Something, Say Something! 10

11 Security is Everyone's Responsibility – See Something, Say Something! 11

Download ppt "SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say."

Similar presentations

How to protect yourself, your computer, and others on the internet

How to protect yourself, your computer, and others on the internet
Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.
SECURITY CHECK Protecting Your System and Yourself Source:

SECURITY CHECK Protecting Your System and Yourself Source:
Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.

Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.
ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.
What is identity theft, and how can you protect yourself from it?

What is identity theft, and how can you protect yourself from it?
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Cryptography: Keeping Your Information Safe. Information Assurance/Information Systems –What do we do? Keep information Safe Keep computers Safe –What.

Cryptography: Keeping Your Information Safe. Information Assurance/Information Systems –What do we do? Keep information Safe Keep computers Safe –What.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.

Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.
BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 

BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 
DIGITAL CITIZENSHIP 6 TH – 8 TH UNIT 1 LESSON 3 SCAMS & SCHEMES What is identity theft, and how can you protect yourself from it?

DIGITAL CITIZENSHIP 6 TH – 8 TH UNIT 1 LESSON 3 SCAMS & SCHEMES What is identity theft, and how can you protect yourself from it?
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.
Alisha horsfield.  Computer virus is something that copies itself to computer software.  Virus can delete the hosts important documents which includes.

Alisha horsfield.  Computer virus is something that copies itself to computer software.  Virus can delete the hosts important documents which includes.
Threats to I.T Internet security By Cameron Mundy.

Threats to I.T Internet security By Cameron Mundy.
COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.

COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.
Security Issues: Phishing, Pharming, and Spam

Security Issues: Phishing, Pharming, and Spam
Internet Safety By Megan Wilkinson. Viruses If your computer haves a viruses on it, it will show one of them or a different one. All commuters have different.

Internet Safety By Megan Wilkinson. Viruses If your computer haves a viruses on it, it will show one of them or a different one. All commuters have different.
Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.

Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.
Social Engineering UTHSC Information Security Team.

Social Engineering UTHSC Information Security Team.

Similar presentations

Ads by Google