1. Social Engineering Exploitation Of Personnel
1.1. DEFINITION OF SOCIAL ENGINEERING
1.1.1. Social engineering is the art of manipulating people into taking actions, particularly security-related ones such as giving away computer access or revealing confidential information. Rather than breaking into computer networks or systems, social engineers use psychological tricks on humans.
1.2. HOW TO PROTECT OURSELVES FROM SOCIAL ENGINEERING ATTACKS
1.2.1. Be aware of the information you're releasing.
1.2.2. Stop revealing facts about your life to strangers.
1.2.2.1. That information can be used to impersonate you. Many people base their passwords on their hobbies, answer security questions about where they live, or reveal their closest friends to anyone who views their online profiles.
1.2.3. Randomly generate answers to security questions.
1.2.4. Stop reusing your passwords.
1.2.5. Never share your password over the phone.
1.3. SOCIAL ENGINEERING CAN HAPPEN
1.3.1. ON A CALL
1.3.2. ONLINE
1.3.3. IN THE OFFICE
2. Weak Information Security Management System
2.1. What is an Information Security Management System?
2.1.1. An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by proactively limiting the impact of a security breach.
2.2. Classified as a vulnerability
2.2.1. A vulnerability is a weakness that can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.
2.3. Why do I need to have ISMS?
2.3.1. An ISMS makes your investments in information security more efficient.
2.3.2. An ISMS changes the culture in your company (brings responsibility and accountability).
2.3.3. Information and data sources are utilized more efficiently.
3. POOR PASSWORD SECURITY
3.1. Ways to improve
3.1.1. Make sure you use different passwords for each of your accounts.
3.1.2. Always log off if you leave your device and anyone is around—it only takes a moment for someone to steal or change the password.
3.1.3. Don’t tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.
3.1.4. Do use at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password.
3.1.5. Be sure no one watches when you enter your password.