SANS InfoSec Reading Room - Social Engineering
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
Featuring 13 papers as of Feb 10, 2010
Social Engineering: Manipulating the Source
- By: Jared Kee (posted on October 14, 2008)
A company has a duty to every employee to inform and prepare them for social engineering attacks. If it fails to do so, it WILL become a victim of such attacks. This paper details methods your company can use to avert social engineers.
Corporate Espionage 201
- By: Shane W. Robinson (posted on December 1, 2007)
This paper presents some background information on corporate espionage, who is doing the spying, how it is being done, a few real life examples, and some guidelines to follow in order to protect a business from becoming a victim.
Social Engineering: A Means To Violate A Computer System
- By: Malcolm Allen (posted on January 18, 2007)
The purpose of this paper is to act as a guide on the subject of Social Engineering and to explain how it might be used as a means to violate a computer system(s) and/or compromise data and the counter-measures that can be implemented to protect against such attacks.
Corporate Identity Fraud: Life-Cycle Management of Corporate Identity Assets
- By: Bryan Fite (posted on April 3, 2006)
The advent of the World Wide Web has provided many new and innovative ways for organizations to conduct business. It has also exposed organizations to new and innovative forms of trademark & brand abuse. Corporate Identity Fraud can be defined as the abuse of traditional and nontraditional identity assets with the intent to divert, deceive or defraud consumers.
The Inside Story: A Disgruntled Employee Gets His Revenge
- By: Heather Kratt (posted on February 10, 2005)
In this paper, I will present the fictional story of a disgruntled employee who exacts revenge on his employer by stealing sensitive customer information and posting it on a public website. While the character is fictional, the security risk he represents is quite real. I will describe his motive for attacking his employer's network, analyze the tools and techniques that he used to circumvent existing security measures, and detail the steps involved in the attack process.
Psychology: A Precious Security Tool
- By: Yves Lafrance (posted on June 9, 2004)
Security specialists have to master many technologies to help organizations become more secure. People tend to forget an important factor influencing computer security: the human factor. Understanding attackers' motivation can help to improve security measures.
Social Engineering
- By: Aaron Dolan (posted on April 8, 2004)
It's not always what you know, it's who you know. Whether it is a good deal on a product, a free place to stay on a vacation or the extra edge to beat out competition for a job, knowing the right people helps people get the things they want.
Understanding and Auditing
- By: Chris Jones (posted on March 3, 2004)
Social engineering is an oft-underestimated threat that can be warranted against through education and policies and procedures. While most companies are utilizing training and introducing new policies and procedures to combat social engineering, the only way they can be sure these methods are effective is through auditing specifically for these types of attacks.
The Enemy Within: A System Administrator's Look at Network Security
- By: Lawrence Dubin (posted on October 31, 2003)
This paper addresses intrusion detection and measures of protection.
A Multi-Level Defense Against Social Engineering
- By: David Gragg (posted on October 31, 2003)
This paper will add value to the security community in three ways: by incorporating the current social psychological research into the discussion of understanding and resisting social engineering; by using the psychological literature to provide a multi-level defensive strategy for hardening employees to social engineering threats; and by developing the concept of "social engineering land mines" as a part of the multi-level defense against social engineering.
The Threat of Social Engineering and Your Defense Against It
- By: Radha Gulati (posted on October 31, 2003)
This paper describes various forms of Social Engineering, its cost to the organization and ways to prevent social engineering attacks, highlighting the importance of policy and education.
A Proactive Defence to Social Engineering
- By: Wendy Arthurs (posted on October 31, 2003)
This paper addresses the need for good policies to defend against social engineering attacks, as well as an effective, on-going security awareness program.
Social Engineering Your Employees to Information Security
- By: Martin Manjak (posted on )
Information security should be part and parcel of a set of internal controls that govern the processes, operations, and transactions that constitute the life of the organization.