Social Engineering - Understanding and Auditing

Social engineering is an oft-underestimated threat that can be warranted against through education and policies and procedures. While most companies are utilizing training and introducing new policies and procedures to combat social engineering, the only way they can be sure these methods are effective is through auditing specifically for these types of attacks. However,before auditing can take place, it is important to understand the social engineers methods and strategies. It is also important to identify the most common defenses against social engineering.

Once there is a clear understanding of the threat of social engineering and defenses against it, it is possible to begin planning an audit. Then we may explore some simple techniques security personnel may use in emulating these methods for their own audits. By utilizing these methods,it may be possible for security personnel to reduce the risk of a breach through social engineering.

They may also develop these techniques into even more complex strategies to further enhance their internal audits.