How to Perform and Combat Social Engineering
Summary
This article, originally published in the InfoSec Survival Guide, discusses methods for both conducting and defending against social engineering attacks. It is available for free online or as a physical copy.
IFF Assessment
FOE
The article discusses social engineering, which is a threat to defenders as it exploits human psychology to gain unauthorized access.
Defender Context
Social engineering remains a prevalent threat as it bypasses technical controls by targeting human vulnerabilities. Defenders should focus on continuous security awareness training, emphasizing critical thinking and reporting suspicious activities, and implementing robust verification processes for sensitive requests.