Social Engineering Presentation 2008 Linkedin[1]

Corporate Information Security: New Trends in Corporate Information Loss Tim Rhodes Provizio 208-629-3300

Learning Objectives ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Economic & Industrial Espionage ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],1. Source: Annual Report to Congress on Foreign Economic & Industrial Espionage – Feb 2005

Successful Espionage Tactics Source : Defense Security Service Combating social engineering is JUST AS Important as the tactics, processes, and prevention strategies used to combat hacking

Common Social Engineering Methods Source : Defense Security Service ,[object Object],[object Object],[object Object],[object Object],[object Object]

How Social Engineering Works ,[object Object],[object Object],[object Object],[object Object],Collection is cyclical, with every piece of information being valuable. Cycle is restarted & used until objective is met. Development of Relationship Information Gathering Exploitation of Relationship Execution to Achieve Objective

How Social Engineering Works ,[object Object],[object Object],[object Object],Effective SEs are creative in their approach by identifying multiple sources that may even have a minor “ piece ” of the “ puzzle ”

How Social Engineering Works ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

How Social Engineering Works ,[object Object],[object Object],[object Object],[object Object],[object Object],Target Company

Social Engineering Methods ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Social Engineering Methods ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Actual Profile on Linkedin.Com Profile provides in-depth specifics on job responsibilities as well as confidential budget & earning figures

Social Engineering Methods ,[object Object],[object Object],[object Object],[object Object],Audio/Video Wireless “ Bug ” (1,000 feet transmission range); $90 from SpyWorld.com Small FM Wireless “ Bug ” (1/2 mile transmission range); $45 from SpyCraft.com Prepaid cell phone (Unlimited transmission range); $45 Baby Monitor (1,000 feet transmission range); $80 retail

Social Engineering Methods ,[object Object],[object Object],[object Object],[object Object],[object Object]

The Art of Human Persuasion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

The Art of Human Persuasion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

The Art of Human Persuasion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Techniques can be combined to leverage specific information or dig further into a subject;

Social Engineering : Sources vs. Assets ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Legal & Ethical Legal But Unethical Illegal Use of Secondary sources Proper use of Primary sources All interviews & discussions in true name (no misrepresentation) No collection of known confidential information (rather, use multiple data sources and analyze “ pieces ” of data together into your “ puzzle picture ” ) Use of HUMINT using different name (misrepresentation) Ex: MBA student, journalist, potential investor, etc Seeking confidential information (single source interviews) Use of social engineering-Misrepresentation to gain confidential information Using technical means to acquire information (listening devices or “ bugs ” , video surveillance, etc) Bribery to obtain information (exchanging money for information or holding information over someone to force information) Espionage Vs. Competitive Intelligence ,[object Object],[object Object],[object Object]

Detecting Social Engineering ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Protecting Your Company ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Additional Recommendations ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Social Engineering Presentation 2008 Linkedin[1]

Recomendados

Recomendados

Mais conteúdo relacionado

Semelhante a Social Engineering Presentation 2008 Linkedin[1]

Semelhante a Social Engineering Presentation 2008 Linkedin[1] (20)

Social Engineering Presentation 2008 Linkedin[1]