Avoid logging out of a session where you used your

password in a public computer or kiosk

Use strong authentication methods such as Kerberos and

SecureID

Be aware of social engineering attacks aimed at

obtaining passwords

Avoid using software on your computer that recalls

your passwords and automatically fills them in for you

In providing assistance in solving a problem, the

attacker gains the

Sabotaging the target’s equipment

Making it difficult for the target victim to contact

the attacker

Ensuring the target is aware that the attacker is a

person of authority with the skills needed to repair the equipment

(advertising)

Shredding discarded paper documents

Encrypting hard drives

Leaving sensitive documents unlabeled

Securing sensitive documents in locked cabinets

Because social engineering does not bypass technical

protection mechanisms, it is not a very great threat

Social engineering allows an attacker to bypass the

best technical protection mechanisms and acquire critical data from

unsuspecting human sources

Social engineering allows an attacker to bypass the

best technical protection mechanisms, but is not effective in acquiring

critical data from unsuspecting human sources

Social engineering does not allow an attacker to

bypass the best technical protection mechanisms and acquire critical data from

electronic devices

Employee awareness training

Policies and procedures

Providing passwords by telephone

Information and document classification

Social engineering

Shoulder surfing

Phishing

Dumpster diving

Disgruntled employee

Malicious software (malware)

Hacker or cracker

Auditors

Session hijacking

Social engineering

Distributed Denial of Service

Spoofing

Physical security

Certification

Employee awareness training

Policies and procedures

Judgment-based and computer-based

Human-based (person-to-person) and computer-based

Human-based (person-to-person) and social-based

Technical-based and computer-based