Presentation is loading. Please wait.

Presentation is loading. Please wait.

Social Engineering Brock’s Cyber Security Awareness Committee

Published byPhilip Blake Modified over 6 years ago

Similar presentations

Presentation on theme: "Social Engineering Brock’s Cyber Security Awareness Committee"— Presentation transcript:

1 Social Engineering Brock’s Cyber Security Awareness Committee
Presents: Social Engineering

2 Social Engineering Insert title here What is It?
Cyber Security Awareness Committee Insert title here Social Engineering What is It?

3 Cyber Security Awareness Committee
Social Engineering Social engineering is a discipline in social science that refers to efforts to influence particular attitudes and social behaviors... Wikipedia

4 Cyber Security Awareness Committee
Social Engineering Any act that influences a person to take an action that may or may not be in their best interest.

5 Cyber Security Awareness Committee
Advertising

6 Cyber Security Awareness Committee
Any act that influences a person to take an action that may or may not be in their best interest. Advertising

7 Cyber Security Awareness Committee
Family Influence

8 Cyber Security Awareness Committee
Any act that influences a person to take an action that may or may not be in their best interest. Family Influence

9 Cyber Security Awareness Committee
Elementary School

10 Cyber Security Awareness Committee
Any act that influences a person to take an action that may or may not be in their best interest. Elementary School

11 Cyber Security Awareness Committee
Religious Thought

12 Cyber Security Awareness Committee
Any act that influences a person to take an action that may or may not be in their best interest. Religious Thought

13 Cyber Security Awareness Committee
Political Discourse

14 Cyber Security Awareness Committee
Any act that influences a person to take an action that may or may not be in their best interest. Political Discourse

15 Cyber Security Awareness Committee
Peer Pressure

16 Cyber Security Awareness Committee
Any act that influences a person to take an action that may or may not be in their best interest. Peer Pressure

17 Social Engineering: Security Context
Cyber Security Awareness Committee Social Engineering: Security Context noun The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. Google

18 Social Engineering: Defined on CITS’ Web Site
Cyber Security Awareness Committee Social Engineering: Defined on CITS’ Web Site Social Engineering is any act that influences a person to take an action that may or may not be in their best interests. It's the art of gaining access to buildings, systems or information by exploiting human psychology, rather than breaking in, or using technical hacking techniques. It's the art of manipulating people so they give up confidential information or allow access to restricted areas.

19 Social Engineering: Security Context
Cyber Security Awareness Committee Insert title here Social Engineering: Security Context Various Forms

20 Social Engineering Insert title here Pretexting
Cyber Security Awareness Committee Insert title here Social Engineering Pretexting

21 Cyber Security Awareness Committee
Pretexting Using a fictitious scenario (ie the pretext) the criminal establishes trust—perhaps through impersonation—which is leveraged to create a false motive for an unsuspecting individual to divulge information or do something he or she normally would not do.

22 Cyber Security Awareness Committee
Pretexting Sometimes it doesn’t even have to be a lie! What if you told people that you were from the Jimmy Kimmel Show and you were checking if people were using secure enough passwords…

23 Cyber Security Awareness Committee
Pretexting

24 Social Engineering Insert title here Vishing
Cyber Security Awareness Committee Insert title here Social Engineering Vishing

25 Pretexting: Special Case
Cyber Security Awareness Committee Pretexting: Special Case Vishing: Making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information or do something they would not normally do.

26 Cyber Security Awareness Committee
Pretexting

27 Another Kind of Vishing
Cyber Security Awareness Committee Another Kind of Vishing Some criminals prompt targets to phone a number they claim is from a trusted institution to verify their personal information. The mark calls in and provides their private information to an Interactive Voice Response system.

28 Pretexting: Duping the Help Desk
Cyber Security Awareness Committee Pretexting: Duping the Help Desk

29 Cyber Security Awareness Committee
Social Engineering: But the bad guys can turn the tables on your help desk experience too.

30 Social Engineering Insert title here Quid Pro Quo
Cyber Security Awareness Committee Insert title here Social Engineering Quid Pro Quo

31 Social Engineering: Quid Pro Quo – Something for Something
Cyber Security Awareness Committee Social Engineering: Quid Pro Quo – Something for Something The attacker calls extensions at a company claiming to follow up on a technical problem. Eventually finds someone with an issue. In the course of providing tech support, the end user provides system access or types in a malicious command.

32 Social Engineering Insert title here Water Holing
Cyber Security Awareness Committee Insert title here Social Engineering Water Holing

33 Social Engineering: Water Holing
Cyber Security Awareness Committee Social Engineering: Water Holing The attacker finds a weakness in a legitimate website known for attracting a target group. Using the compromised site, visitor systems are infected with malware because people trust the site owners.

34 Social Engineering Insert title here Tailgating
Cyber Security Awareness Committee Insert title here Social Engineering Tailgating

35 Social Engineering: Tailgating
Cyber Security Awareness Committee Social Engineering: Tailgating The attacker seeks access to a restricted area. Simply walks in behind a person with legitimate access.

36 Social Engineering: Tailgating
Cyber Security Awareness Committee Social Engineering: Tailgating

37 Social Engineering Insert title here Baiting
Cyber Security Awareness Committee Insert title here Social Engineering Baiting

38 Social Engineering: Baiting
Cyber Security Awareness Committee Social Engineering: Baiting Attackers leave malware-infected DVDs or USB flash drives in locations people will find them, giving them names that pique people’s curiosity. An employee looking out of curiosity or to determine how to return it puts it in his or her system and gets infected.

39 Social Engineering: Don’t Plug In ‘Found’ USBs
Cyber Security Awareness Committee Social Engineering: Don’t Plug In ‘Found’ USBs

40 Social Engineering: And there’s much, much more….
Cyber Security Awareness Committee Social Engineering: And there’s much, much more…. Like phishing s that will get a talk of its own. Like virus hoaxes, Smishing (SMS phishing) Like tricking users to copy and paste malicious code into their browser’s web development console,….

41 DEFENSE What can we do about it? A discussion.
Cyber Security Awareness Committee What can we do about it? A discussion. DEFENSE

42 Cyber Security Awareness Committee

43 Don’t Underestimate the Power of Common Sense
Cyber Security Awareness Committee Don’t Underestimate the Power of Common Sense

44 Cyber Security Awareness Committee
Defense Scrutinize what information in the workplace is sensitive and evaluate exposure to breakdowns in security—including social engineering. Establish security protocols, policies, and procedures for handling sensitive information.

45 Cyber Security Awareness Committee
Defense Train employees in the security protocols relevant to their position Periodically test the systems to make sure they work.

46 Cyber Security Awareness Committee
Defense Periodically Review your defensive posture to make sure that your systems, procedures, protocols and training are up-to-date. Make sure that private documents are adequately handled by shredding or secure disposal.

47 Cyber Security Awareness Committee

Download ppt "Social Engineering Brock’s Cyber Security Awareness Committee"

Similar presentations

A note for you We have created this presentation for you, the outstanding employee who has IT security on the brain. We want to help you spread the word.

A note for you We have created this presentation for you, the outstanding employee who has IT security on the brain. We want to help you spread the word.
Social Engineering Training. Training Goals Increase Laboratory Awareness. Provide the tools required to identify, avoid and report advanced Social Engineering.

Social Engineering Training. Training Goals Increase Laboratory Awareness. Provide the tools required to identify, avoid and report advanced Social Engineering.
SOCIAL ENGINEERING ATTACKS GOWTHAM RAM RAJARAM VIGNESH SELVAKUMAR SELLAMUTHU.

SOCIAL ENGINEERING ATTACKS GOWTHAM RAM RAJARAM VIGNESH SELVAKUMAR SELLAMUTHU.
Kelly Corning Julie Sharp.  Human-based techniques: impersonation  Computer-based techniques: malware and scams.

Kelly Corning Julie Sharp.  Human-based techniques: impersonation  Computer-based techniques: malware and scams.
The Art of Social Hacking

The Art of Social Hacking
Aleksandra Kurbatova 111611 IVCM.  What is social engineering?  Types  Pretexting  …  Summary  Conclusion.

Aleksandra Kurbatova IVCM.  What is social engineering?  Types  Pretexting  …  Summary  Conclusion.
Information Security Awareness Training

Information Security Awareness Training
SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.

SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.
The Most Critical Risk Control: Human Behavior Lynn Goodendorf Director, Information Security Atlanta ISACA Chapter Meeting June 20, 2014.

The Most Critical Risk Control: Human Behavior Lynn Goodendorf Director, Information Security Atlanta ISACA Chapter Meeting June 20, 2014.
Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.

Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.
Internet Phishing Not the kind of Fishing you are used to.

Internet Phishing Not the kind of Fishing you are used to.
Social Engineering Networks Reid Chapman Ciaran Hannigan.

Social Engineering Networks Reid Chapman Ciaran Hannigan.
Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”

Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”
Bank Crime Investigation Techniques by means of Forensic IT

Bank Crime Investigation Techniques by means of Forensic IT
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
Social Engineering UTHSC Information Security Team.

Social Engineering UTHSC Information Security Team.
Social Engineering Training. Why Social Engineering Training? The Department of Energy (DOE) authorized the Red Team to perform vulnerability assessments.

Social Engineering Training. Why Social Engineering Training? The Department of Energy (DOE) authorized the Red Team to perform vulnerability assessments.
What is Social Engineering. Pretexting Pretexting is the act of creating and using an invented scenario called the Pretext to persuade a target to release.

What is Social Engineering. Pretexting Pretexting is the act of creating and using an invented scenario called the Pretext to persuade a target to release.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 30, 2011.

Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 30, 2011.

Similar presentations

Ads by Google