

A Multi-Level Defense Against Social Engineering

Sandstorm Enterprises, Inc.
Abstract
Social engineering, the process of deceiving people into giving away access or confidential information, is a formidable threat to most secured networks. Although plenty of information on social engineering is available, the threat is considered very real and not easily defended against. This paper will discuss the basics of social engineering by giving a general overview. It will then discuss the psychological triggers that make social engineering so successful. These triggers include strong affect, overloading, reciprocation, deceptive relationships, diffusion of responsibility and moral duty, authority, and integrity and consistency. Finally, this paper will define a multi-level defense that addresses these psychological triggers. The levels of defense defined are security policy, security awareness training, resistance training, ongoing reminders, social engineering land mines and incident response. Social engineering land mines (SELM) are procedures or policies that, when implemented, act as an intrusion detection system for social engineering.