Qi’Anna Norman
CRITICAL THINKING #1
WHAT IS SOCIAL ENGINEERING?
Social engineering is the acquisition of confidential information from users
that will be used to cause damage or “harm” to a company
A social engineer preys upon a company or a user’s vulnerabilities by gaining
trust through the impersonation of a valued employee or business
Social engineering attacks can be physical and psychological
SOCIAL ENGINEERING
WHAT ARE THE IMPLICATIONS FOR
SOCIAL ENGINEERING ATTACKS?
Social engineering attacks can be physical and psychological
• Physical Attacks:
According to Dhillon (2013), for a physical attack to occur, the social
engineer must be physically present at the company’s or business’s location.
• Psychological Attacks:
These attacks occur by gaining trust through impersonating a valued person,
such as a help desk technician. “Attackers use persuasive techniques… to
convince, user to help them” (Dhillon, 2013 p. 234).
IMPLICATIONS
Some implications that social engineering is taking place within a business are:
-If a person is being too helpful or friendly in regard to solving a system
issue.
-If outside assistance is reaching out and asking for personal login
information
-If the person is asking for information outside of their prescribed security
level
-Unusual daily activity within a system by a user
-Fraudulent charges found by customers through credit card statements
IMPLICATIONS
HOW AND WHY DOES A SECURITY
BREACH HAPPEN?
Security breaches happen when the company and the employee fail to follow
proper information security measures.
-According to the readings, security breaches happen because an employee
blindly gives out information to a seemingly trusted individual.
-Guidelines in a company’s security policy do not specifically cover all bases
of securing the company’s information.
SECURITY BREACH
TECHNICAL VULNERABILITIES
Security Breaches
Technical vulnerabilities are risks that are presented to a company’s computers,
databases, and software systems.
According to Dhillon (2013), some technical vulnerabilities that a company
may encounter are:
-System Architecture Server
-Routing and firewall
-Website Vulnerabilities
-Server Spoofing
-HTTP Attacks
TECHNICAL VULNERABILITIES
Social vulnerabilities are those risks presented by users sharing personal
information, not being careful with who accesses security information, and
working in an environment that doesn’t take information security seriously.
For example:
-Sharing Passwords
-Logging onto prohibited websites
-Using your company computer for non-work related matters
-Leaving personal/confidential information up on the computer screen when
away from your workstation
SOCIAL VULNERABILITIES
PREVENTION
Social Engineering Attacks
The prevention of social engineering is quite simple. A company’s standards and
expectations for its employees should go above and beyond when it comes
to information security.
The security policy should state thorough definitions and instructions for
employees and others directly and indirectly involved in the company to
follow
HOW TO…
The company’s technical security must never be compromised by a person
impersonating a trusted individual. Physical security must verify a person’s
identity to ensure that a security breach does not take place.
A company website should not give out personal direct contact information
of those individuals that hold positions that are imperative to the company’s
information security.
HOW TO…
Dhillon, G. (2013). Enterprise Cyber Security: Principles and Practice.
Washington, DC: Paradigm Books.
RESOURCES
How can an employee avoid being manipulated by a social engineer?
QUESTION

More Related Content

What's hot

InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
GRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of usersGRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of users
Joel Cardella
 
IS Decisions Company Overview. Solutions to secure your Windows Network.
IS Decisions Company Overview. Solutions to secure your Windows Network.IS Decisions Company Overview. Solutions to secure your Windows Network.
IS Decisions Company Overview. Solutions to secure your Windows Network.
IS Decisions
 
Security and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber HoxhallariSecurity and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber HoxhallariArber Hoxhallari
 
Social Engineering Attacks in IT World
Social Engineering Attacks in IT WorldSocial Engineering Attacks in IT World
Social Engineering Attacks in IT World
Akshay Mittal
 
Case Study
Case StudyCase Study
Case Study
bogans
 
System Security Threats and Risks)
System Security Threats and Risks)System Security Threats and Risks)
System Security Threats and Risks)
BPalmer13
 
Corporate security pdf
Corporate security pdfCorporate security pdf
Corporate security pdf
G3 intelligence Ltd
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)Biswajit Bhattacharjee
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
Online
 
What every executive needs to know about information technology security
What every executive needs to know about information technology securityWhat every executive needs to know about information technology security
What every executive needs to know about information technology security
Legal Services National Technology Assistance Project (LSNTAP)
 
Social Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessSocial Engineering Audit & Security Awareness
Social Engineering Audit & Security Awareness
CBIZ, Inc.
 
information security awareness course
information security awareness courseinformation security awareness course
information security awareness course
Abdul Manaf Vellakodath
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
CommLab India – Rapid eLearning Solutions
 
ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2
Tanmay Shinde
 
Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?
CBIZ, Inc.
 
Security And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation TechnologySecurity And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation Technologyparamalways
 
Security and control in mis
Security and control in misSecurity and control in mis
Security and control in mis
Gurjit
 

What's hot (20)

InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
 
GRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of usersGRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of users
 
IS Decisions Company Overview. Solutions to secure your Windows Network.
IS Decisions Company Overview. Solutions to secure your Windows Network.IS Decisions Company Overview. Solutions to secure your Windows Network.
IS Decisions Company Overview. Solutions to secure your Windows Network.
 
Group 13
Group 13Group 13
Group 13
 
Security and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber HoxhallariSecurity and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber Hoxhallari
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
Social Engineering Attacks in IT World
Social Engineering Attacks in IT WorldSocial Engineering Attacks in IT World
Social Engineering Attacks in IT World
 
Case Study
Case StudyCase Study
Case Study
 
System Security Threats and Risks)
System Security Threats and Risks)System Security Threats and Risks)
System Security Threats and Risks)
 
Corporate security pdf
Corporate security pdfCorporate security pdf
Corporate security pdf
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
 
What every executive needs to know about information technology security
What every executive needs to know about information technology securityWhat every executive needs to know about information technology security
What every executive needs to know about information technology security
 
Social Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessSocial Engineering Audit & Security Awareness
Social Engineering Audit & Security Awareness
 
information security awareness course
information security awareness courseinformation security awareness course
information security awareness course
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
 
ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2
 
Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?
 
Security And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation TechnologySecurity And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation Technology
 
Security and control in mis
Security and control in misSecurity and control in mis
Security and control in mis
 

Viewers also liked

Ci/CD Android
Ci/CD AndroidCi/CD Android
Ci/CD Android
rendra toro
 
Critical thinking 3
Critical thinking 3Critical thinking 3
Critical thinking 3qnorman
 
Library research pbnp-parti_fall_2013
Library research pbnp-parti_fall_2013Library research pbnp-parti_fall_2013
Library research pbnp-parti_fall_2013Jody_Nelson
 
Critical thinking 2
Critical thinking 2Critical thinking 2
Critical thinking 2qnorman
 
KEWIRAUSAHAAN MATERI
KEWIRAUSAHAAN MATERIKEWIRAUSAHAAN MATERI
KEWIRAUSAHAAN MATERI
Linquini_
 
SUMSUM TULANG (PART03)
SUMSUM TULANG (PART03)SUMSUM TULANG (PART03)
SUMSUM TULANG (PART03)
Linquini_
 
Fall 2013 psychiatric_nursing_45min
Fall 2013 psychiatric_nursing_45minFall 2013 psychiatric_nursing_45min
Fall 2013 psychiatric_nursing_45minJody_Nelson
 
KEWIRAUSAHAAN KONLIK INTERPERSONAL
KEWIRAUSAHAAN KONLIK INTERPERSONALKEWIRAUSAHAAN KONLIK INTERPERSONAL
KEWIRAUSAHAAN KONLIK INTERPERSONAL
Linquini_
 
Critical Thinking 4
Critical Thinking 4Critical Thinking 4
Critical Thinking 4qnorman
 
BORAX DAN SULFAT
BORAX DAN SULFATBORAX DAN SULFAT
BORAX DAN SULFAT
Linquini_
 
SUMSUM TULANG (PART02)
SUMSUM TULANG (PART02)SUMSUM TULANG (PART02)
SUMSUM TULANG (PART02)
Linquini_
 
SUMSUM TULANG (PART01)
SUMSUM TULANG (PART01)SUMSUM TULANG (PART01)
SUMSUM TULANG (PART01)
Linquini_
 
Model View Presenter
Model View Presenter Model View Presenter
Model View Presenter
rendra toro
 
Resep jadi rockstar developer
Resep jadi rockstar developerResep jadi rockstar developer
Resep jadi rockstar developer
rendra toro
 
PT. SINAR SOSRO
PT. SINAR SOSROPT. SINAR SOSRO
PT. SINAR SOSRO
Linquini_
 
Andrew - Job scheduler
Andrew - Job schedulerAndrew - Job scheduler
Andrew - Job scheduler
rendra toro
 
Android - Model Architecture
Android - Model ArchitectureAndroid - Model Architecture
Android - Model Architecture
rendra toro
 
HEMATOLOGI DASAR
HEMATOLOGI DASARHEMATOLOGI DASAR
HEMATOLOGI DASAR
Linquini_
 

Viewers also liked (19)

Ci/CD Android
Ci/CD AndroidCi/CD Android
Ci/CD Android
 
Critical thinking 3
Critical thinking 3Critical thinking 3
Critical thinking 3
 
Library research pbnp-parti_fall_2013
Library research pbnp-parti_fall_2013Library research pbnp-parti_fall_2013
Library research pbnp-parti_fall_2013
 
JoinMe TechTalk
JoinMe TechTalkJoinMe TechTalk
JoinMe TechTalk
 
Critical thinking 2
Critical thinking 2Critical thinking 2
Critical thinking 2
 
KEWIRAUSAHAAN MATERI
KEWIRAUSAHAAN MATERIKEWIRAUSAHAAN MATERI
KEWIRAUSAHAAN MATERI
 
SUMSUM TULANG (PART03)
SUMSUM TULANG (PART03)SUMSUM TULANG (PART03)
SUMSUM TULANG (PART03)
 
Fall 2013 psychiatric_nursing_45min
Fall 2013 psychiatric_nursing_45minFall 2013 psychiatric_nursing_45min
Fall 2013 psychiatric_nursing_45min
 
KEWIRAUSAHAAN KONLIK INTERPERSONAL
KEWIRAUSAHAAN KONLIK INTERPERSONALKEWIRAUSAHAAN KONLIK INTERPERSONAL
KEWIRAUSAHAAN KONLIK INTERPERSONAL
 
Critical Thinking 4
Critical Thinking 4Critical Thinking 4
Critical Thinking 4
 
BORAX DAN SULFAT
BORAX DAN SULFATBORAX DAN SULFAT
BORAX DAN SULFAT
 
SUMSUM TULANG (PART02)
SUMSUM TULANG (PART02)SUMSUM TULANG (PART02)
SUMSUM TULANG (PART02)
 
SUMSUM TULANG (PART01)
SUMSUM TULANG (PART01)SUMSUM TULANG (PART01)
SUMSUM TULANG (PART01)
 
Model View Presenter
Model View Presenter Model View Presenter
Model View Presenter
 
Resep jadi rockstar developer
Resep jadi rockstar developerResep jadi rockstar developer
Resep jadi rockstar developer
 
PT. SINAR SOSRO
PT. SINAR SOSROPT. SINAR SOSRO
PT. SINAR SOSRO
 
Andrew - Job scheduler
Andrew - Job schedulerAndrew - Job scheduler
Andrew - Job scheduler
 
Android - Model Architecture
Android - Model ArchitectureAndroid - Model Architecture
Android - Model Architecture
 
HEMATOLOGI DASAR
HEMATOLOGI DASARHEMATOLOGI DASAR
HEMATOLOGI DASAR
 

Similar to Norman critical thinking 1

Social engineering
Social engineeringSocial engineering
Social engineeringHHSome
 
VCU INFO 644 Critical Thinking 1
VCU INFO 644 Critical Thinking 1VCU INFO 644 Critical Thinking 1
VCU INFO 644 Critical Thinking 1tgbrunet
 
Awareness Security Session 2023 v1.0.pptx.pdf
Awareness Security Session 2023 v1.0.pptx.pdfAwareness Security Session 2023 v1.0.pptx.pdf
Awareness Security Session 2023 v1.0.pptx.pdf
AbdullahKanash
 
Report on Human factor in the financial industry
Report on Human factor in the financial industryReport on Human factor in the financial industry
Report on Human factor in the financial industry
Chandrak Trivedi
 
Insider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdf
Insider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdfInsider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdf
Insider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdf
Enterprise Insider
 
- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf
Ramya Nellutla
 
Whitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badWhitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badbanerjeea
 
An insight into information security.pdf
An insight into information security.pdfAn insight into information security.pdf
An insight into information security.pdf
Securityium
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Team black
Team blackTeam black
Team black
hetvi naik
 
Hacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering RisksHacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering Risks
Craig Clark ITIL, CIS LI,EU GDPR P
 
The insider versus external threat
The insider versus external threatThe insider versus external threat
The insider versus external threat
zhihaochen
 
The insider versus external threat
The insider versus external threatThe insider versus external threat
The insider versus external threat
zhihaochen
 
A Review On Adapting Social Engineering Services—Aardwolf Security
A Review On Adapting Social Engineering Services—Aardwolf SecurityA Review On Adapting Social Engineering Services—Aardwolf Security
A Review On Adapting Social Engineering Services—Aardwolf Security
Aardwolf Security
 
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
Presentation(group j)implementing  trustworthy computing by Sundas IlyasPresentation(group j)implementing  trustworthy computing by Sundas Ilyas
Presentation(group j)implementing trustworthy computing by Sundas IlyasSundas Kayani
 
Insiders Guide to Social Engineering - End-Users are the Weakest Link
Insiders Guide to Social Engineering - End-Users are the Weakest LinkInsiders Guide to Social Engineering - End-Users are the Weakest Link
Insiders Guide to Social Engineering - End-Users are the Weakest Link
Richard Common
 
INFORMATION SECURITY MANAGEMENT - Critique the employment of ethical hacking ...
INFORMATION SECURITY MANAGEMENT - Critique the employment of ethical hacking ...INFORMATION SECURITY MANAGEMENT - Critique the employment of ethical hacking ...
INFORMATION SECURITY MANAGEMENT - Critique the employment of ethical hacking ...
Hansa Edirisinghe
 
An insight into information security.pptx
An insight into information security.pptxAn insight into information security.pptx
An insight into information security.pptx
Securityium
 
7. Assignment- 700 words with 3 referencesWhen a traffic c.docx
7. Assignment- 700 words with 3 referencesWhen a traffic c.docx7. Assignment- 700 words with 3 referencesWhen a traffic c.docx
7. Assignment- 700 words with 3 referencesWhen a traffic c.docx
fredharris32
 
What Social Engineering is.pdf
What Social Engineering is.pdfWhat Social Engineering is.pdf
What Social Engineering is.pdf
kamranrazzaq8
 

Similar to Norman critical thinking 1 (20)

Social engineering
Social engineeringSocial engineering
Social engineering
 
VCU INFO 644 Critical Thinking 1
VCU INFO 644 Critical Thinking 1VCU INFO 644 Critical Thinking 1
VCU INFO 644 Critical Thinking 1
 
Awareness Security Session 2023 v1.0.pptx.pdf
Awareness Security Session 2023 v1.0.pptx.pdfAwareness Security Session 2023 v1.0.pptx.pdf
Awareness Security Session 2023 v1.0.pptx.pdf
 
Report on Human factor in the financial industry
Report on Human factor in the financial industryReport on Human factor in the financial industry
Report on Human factor in the financial industry
 
Insider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdf
Insider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdfInsider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdf
Insider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdf
 
- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf
 
Whitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badWhitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-bad
 
An insight into information security.pdf
An insight into information security.pdfAn insight into information security.pdf
An insight into information security.pdf
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Team black
Team blackTeam black
Team black
 
Hacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering RisksHacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering Risks
 
The insider versus external threat
The insider versus external threatThe insider versus external threat
The insider versus external threat
 
The insider versus external threat
The insider versus external threatThe insider versus external threat
The insider versus external threat
 
A Review On Adapting Social Engineering Services—Aardwolf Security
A Review On Adapting Social Engineering Services—Aardwolf SecurityA Review On Adapting Social Engineering Services—Aardwolf Security
A Review On Adapting Social Engineering Services—Aardwolf Security
 
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
Presentation(group j)implementing  trustworthy computing by Sundas IlyasPresentation(group j)implementing  trustworthy computing by Sundas Ilyas
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
 
Insiders Guide to Social Engineering - End-Users are the Weakest Link
Insiders Guide to Social Engineering - End-Users are the Weakest LinkInsiders Guide to Social Engineering - End-Users are the Weakest Link
Insiders Guide to Social Engineering - End-Users are the Weakest Link
 
INFORMATION SECURITY MANAGEMENT - Critique the employment of ethical hacking ...
INFORMATION SECURITY MANAGEMENT - Critique the employment of ethical hacking ...INFORMATION SECURITY MANAGEMENT - Critique the employment of ethical hacking ...
INFORMATION SECURITY MANAGEMENT - Critique the employment of ethical hacking ...
 
An insight into information security.pptx
An insight into information security.pptxAn insight into information security.pptx
An insight into information security.pptx
 
7. Assignment- 700 words with 3 referencesWhen a traffic c.docx
7. Assignment- 700 words with 3 referencesWhen a traffic c.docx7. Assignment- 700 words with 3 referencesWhen a traffic c.docx
7. Assignment- 700 words with 3 referencesWhen a traffic c.docx
 
What Social Engineering is.pdf
What Social Engineering is.pdfWhat Social Engineering is.pdf
What Social Engineering is.pdf
 

Recently uploaded

Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 

Recently uploaded (20)

Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...

Norman critical thinking 1

  • 2. WHAT IS SOCIAL ENGINEERING?
  • 3. SOCIAL ENGINEERING
    Social engineering is the acquisition of confidential information from users that will be used to cause damage or “harm” to a company.
    A social engineer preys upon a company’s or a user’s vulnerabilities by gaining trust through the impersonation of a valued employee or business.
    Social engineering attacks can be physical and psychological.
  • 4. WHAT ARE THE IMPLICATIONS FOR SOCIAL ENGINEERING ATTACKS?
  • 5. IMPLICATIONS
    Social engineering attacks can be physical and psychological.
    - Physical Attacks: According to Dhillon (2013), in order for a physical attack to occur, the social engineer must physically be at the company’s or business’s physical location.
    - Psychological Attacks: The attacks occur through gaining trust by impersonating a valued person, such as a help desk technician. “Attackers use persuasive techniques… to convince, user to help them” (Dhillon, 2013, p. 234).
  • 6. IMPLICATIONS
    Some implications that social engineering is taking place within a business are:
    - If a person is being too helpful or friendly in regard to solving a system issue
    - If outside assistance is reaching out and asking for personal login information
    - If the person is asking for information outside of their prescribed security level
    - Unusual daily activity within a system by a user
    - Fraudulent charges found by customers through credit card statements
  • 7. HOW AND WHY DOES A SECURITY BREACH HAPPEN?
  • 8. SECURITY BREACH
    Security breaches happen when the company and the employee fail to follow proper information security measures.
    - According to the readings, security breaches happen because an employee blindly gives out information to a seemingly trusted individual.
    - Guidelines in a company’s security policy do not specifically cover all bases of securing the company’s information.
  • 10. TECHNICAL VULNERABILITIES
    Technical vulnerabilities are risks that are presented to a company’s computers, databases, and software systems. According to Dhillon (2013), some technical vulnerabilities that a company may encounter are:
    - System Architecture Server
    - Routing and firewall
    - Website Vulnerabilities
    - Server Spoofing
    - HTTP Attacks
  • 11. SOCIAL VULNERABILITIES
    Social vulnerabilities are those risks presented by users sharing personal information, not being careful about who accesses security information, and working in an environment that doesn’t take information security seriously. For example:
    - Sharing passwords
    - Logging onto prohibited websites
    - Using your company computer for non-work-related matters
    - Leaving personal/confidential information up on the computer screen when away from your workstation
  • 13. HOW TO…
    The prevention of social engineering is quite simple. A company’s standards and expectations of its employees should go above and beyond when it comes to information security. The security policy should state thorough definitions and instructions for employees and others directly and indirectly involved in the company to follow.
  • 14. HOW TO…
    - The company’s technical security must never be compromised by a person impersonating a trusted individual.
    - Physical security must verify a person’s identity to ensure that a security breach does not take place.
    - A company website should not give out personal direct contact information of those individuals who hold positions that are imperative to the company’s information security.
  • 15. RESOURCES
    Dhillon, G. (2013). Enterprise Cyber Security: Principles and Practice. Washington, DC: Paradigm Books.
  • 16. QUESTION
    How can an employee avoid being manipulated by a social engineer?