Supporting Activities
Adam Kacho
BSA 310 Business Systems
October 23, 2012
Carlos Perales, MSCIS
Discussion Question 1
• Discuss the role that preparing employees to recognize and respond to social engineering techniques should play in the organization’s overall information security program.
Preparing employees to recognize and respond to social engineering techniques requires training, awareness, and accountability. By reviewing and following their organization's security policies through training, employees can determine whether or not they should provide sensitive information that is requested from them through social engineering. Guidelines are typically in place for employees to follow and generally include:
• “Be cautious when someone requests sensitive information from you; verify the requester's identity and ensure that the requester is entitled to the information before giving it out.
• Consider asking him why he wants the information, and then ask an authorized colleague whether or not the requester is actually entitled to the information.
• Request proof of identity, whether on the phone or in person. If identification is provided or otherwise visible, verify its validity before providing the requested information. Don't be afraid to place the caller on hold, or get a number and call him or her back, so that you can verify the requester's identity and the validity of the request.
• Ask the requester to repeat the request. Take notes, then have him repeat the request again. If discrepancies arise, be wary and submit your notes as part of reporting the incident to the proper authorities.
• Consider the security impact if you were to provide the requested information. Although solving a problem or making the requester happy can be a natural