Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

An introduction to Information Security ... > The people and personalities of info... - Pg. 215

194 CHAPTER 8 Information security awareness training Could this actually happen? Yes! Is it more likely to happen at your company? Depends! Is there anything you can do to avoid such a calamity? No! There is no safe haven unless you can get in front of the risk. Unfortunately, as in Morse's time, the risks existed, albeit not as severe as we face today. The "unknowns" only need to get it right once. Your company needs to get it right 100% of the time. The question is: "How do you stop the `unknowns' from getting it right once and to what degree?" "Is it luck?" They do it through excellent understanding of systems, networks, applications, and they do it the old-fashion low tech way. They simply walk into your business and steal information--sensitive information left lying around, the password taped under the keyboard, the printed data left at the copier, the sensitive infor- mation in the trash basket, the cupboard left unsecured, the laptop left unattended. Yes, they do it the old-fashion way by making a call and simply asking for sensitive information. These are the "unknowns" who look or sound like they be- long, make themselves appear to be credible with a valid need to know. These "unknowns" are often referred to as social engineers. Adept, smart, they use the employee's desire to provide good customer/client service to gather sensitive information.