Malware creators have used social engineering to maximize the range or impact of their viruses, worms, etc. For example, the ILoveYou worm used social engineering to entice people to open malware-infected e-mail messages. The ILoveYou worm attacked tens of millions of Windows computers in May 2000 when it was sent as an e-mail attachment with the subject line: ILOVEYOU. Often out of curiosity, people opened the attachment named LOVE-LETTER-FOR-YOU.TXT.vbs—releasing the worm. Within nine days, the worm had spread worldwide, crippling networks, destroying files, and causing an estimated $5.5 billion in damages.
Notorious hacker Kevin Mitnick, who served time in jail for hacking, used social engineering as his primary method to gain access to computer networks. In most cases, the criminal never comes face-to-face with the victim, but communicates via the phone or e-mail.
Research Kevin Mitnick on the Internet. What was he able to do and how did he do it? Why did it take such a long time to be caught? How was he caught?
Please use at least 1 reference.
© BrainMass Inc. brainmass.com October 25, 2018, 9:46 am
Social Engineering is the process of interacting with people to get them to, unknowingly, give you access to their system. The notorious Kevin Mitnick was known for his people skills and could manipulate people into giving out passwords to systems, or even clicking on an email. His charm and wit were more dangerous than his ability to remotely log in to a server from another server going across known ports that were left unprotected and open to vulnerability (going DNS port 53 as an example).
Kevin started his exploits as a curiosity that became an obsession just to see what exactly it was that he could get away with. His obsession ...
This solution provides a discussion regarding hacking and social engineering.
Security Education and Training Awareness Programs
I am tasked to help develop a security and training awareness program for my small-to-medium organization (see scenario below).
"The Business Organisation is an information holdings with about 600 staff. A recent audit of the organisation's information security management system found it to be deficient in some key areas, notably incident response, disaster recovery and business continuity, social engineering exploitation of personnel, an apparent lack of personnel awareness of the various threats to information, and poor password security. Technical systems were found to be reasonably effective in maintaining database and document management security, and were well serviced by the IT team"
The proposed plan should include:
2. Topics to be covered
3. Level of learning (knowledge, skill or competence)
4. Recommended Instructional methods and media to use/support
5. Example of learning activities and exercises
6. Evaluation criteria
Some theory sources:
- The plan should be based on real commercial security education techniques, and your best knowledge and expertise in security education.
- Answers should not be theoretical definitions
- As far as possible, please avoid too much word-quoting from sources. Minor citation allowed
- Any citation must be from credible sources.