Official (ISC)2 Guide to the CISSP CBK by Hernandez Steven

Author: Hernandez, Steven
Language: eng
Format: epub
ISBN: 978-1-4665-9793-8
Publisher: CRC Press
Published: 2013-08-09T14:00:00+00:00


Social Engineering

One method of compromising a system is to befriend users to gain information; especially vulnerable are individuals with system administrator access. Social engineering is the art of getting people to divulge sensitive information to others, either in a friendly manner, as an attempt to be “helpful,” or through intimidation. It is sometimes referred to as “people hacking” because it relies on vulnerabilities in people rather than those found in software or hardware. While social engineering has many proper uses in management and training, in regard to information security, social engineering is really only a fancy name for lying.

Social engineering comes in many forms, but they are all based on the principle of representing oneself as someone who needs or deserves the information to gain access to the system. For example, one method is for attackers to pretend they are new to the system and need assistance with gaining access. Another method is when attackers pretend to be a system staff member and try to gain information by helping to fix a computer problem, even though there is not a problem. Typically, therefore, social engineering is not considered to be a concern of software development and management. However, there are two major areas where social engineering should be considered in system development and management.

The first is in regard to the user interface and human factors engineering. It has frequently, and sadly, been the case where users have misunderstood the intent of the programmer with regard to the operation of certain commands or buttons, and sometimes the misunderstanding has had fatal results. (In one famous case, a correction to dosage levels on the input screen of a medical radiation treatment machine did not change the radiation-level settings, and dozens of patients suffered fatal overdoses before the problem was found and rectified.) The second issue of social engineering is in regard to its use in malicious software. Most malware will have some kind of fraudulent component, in an attempt to get the user to run the program, so that the malicious payload can perform undetected.
