Question

Prompt

After reviewing this module's reading and resources, address the critical elements listed below.

I. Summarize the significance of social engineering as an area for a security practitioner to have knowledge of.

II. Select one social engineering method from each of the categories in the list below. For each of your chosen methods, provide a brief description of how that method could be applied to expose an organization.

Social Engineering Methods

o Physical

  ▪ Dumpster diving

  ▪ Shoulder surfing

  ▪ Piggybacking/tailgating

  ▪ Baiting

o Psychological

  ▪ Impersonation

  ▪ Seduction

  ▪ Persuasion/coercion

  ▪ Reverse social engineering

o Technological

  ▪ Phishing

  ▪ Pharming

  ▪ Spim/smishing

  ▪ Spit

  ▪ Vishing

  ▪ Trojans and viruses

  ▪ Man-in-the-middle

III. Select one of the case studies from Chapter 8 in Social Engineering: The Art of Human Hacking (linked in the Reading and Resources section of Module Five). Describe an appropriate method of training employees to reduce the threat of one of the social engineering methods used in your selected case study. In your response, consider including the issues related to the following questions:

• What are the key warning signs that would indicate to an employee that they are a victim of social engineering?

• What are the best practices employees should be aware of concerning the social engineering method?

• What are ways training can help with getting employees to adopt the security mindset necessary to reduce the vulnerability to the social engineering threat?
