1
Social Engineering Jero-Jewo
2
Social Engineering
Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud or computer system access; in most cases the attacker never comes face-to-face with the victim. – www.wikipedia.org
3
Case study
As a service provider, Duo Consulting helps clients manage the publication of critical business information on their web sites. Integrity and availability are important considerations for Duo when processing requests for changes. 99% of requests from clients come from known client contacts.
4
Case Study
There is currently a communication process in place to receive and manage requests. How should we handle requests from contacts that are not known?
5
Real World
A new request comes in from an unknown contact at Setton Farms for FTP access to their web server on a Saturday. The request bounces around until it comes to the CTO. The requester is contacted and an inquiry is made about the need for FTP access.
6
Real World
The contact explains that there is an immediate need to publish critical information about a recall on their site and that they have hired a designer to make the updates to their site.
9
What happened next?
- Question identity of requester
- Question authenticity of request
10
What’s missing?
- We do not have a policy or process in place to confirm the identity of contacts making requests
- We do not have a list of authorized contacts
- There is a service level agreement in place for managed hosting, but nothing defined about emergency requests from clients that do not have a services support contract in place
11
Next Steps
Solve the problems!