Author Watson, Gavin, 1982-
Title Social engineering penetration testing : executing social engineering pen tests, assessments and defense / Gavin Watson, Andrew Mason, Richard Ackroyd ; foreword Chris Hadnagy.
Imprint Waltham, Massachusetts : Syngress, 2014.

Subject Social engineering.
Social Sciences.
Alt Name Mason, Andrew G.,
Ackroyd, Richard,
Description 1 online resource : illustrations
Note Print version record.
Bibliography Note Includes bibliographical references and index.
Summary This book gives the practical methodology needed to plan and execute a social engineering penetration test and assessment. It has insights into how social engineering techniques--including email phishing, telephone pretexting, and physical vectors--can be used to elicit information or manipulate individuals into performing actions that may aid in an attack. Using the book's easy-to-understand models and examples, the reader will have a much better understanding of how best to defend against these attacks. The authors show hands-on techniques they have used at RandomStorm to provide clients with valuable results that make a real difference to the security of their businesses. The book shows how to use widely available open-source tools to conduct pen tests and the practical steps to improve defense measures in response to test results. -- Edited summary from book.
Contents Front Cover; Social Engineering Penetration Testing; Copyright Page; Contents; Foreword; Acknowledgements; About the Authors; About the Technical Editor; 1 An Introduction to Social Engineering; Introduction; Defining social engineering; Examples from the movies; Sneakers; Hackers; Matchstick Men; Dirty Rotten Scoundrels; The Imposter; Famous social engineers; Kevin Mitnik; Frank Abagnale; Badir brothers; Chris Hadnagy; Chris Nickerson; Real-world attacks; The RSA breach; The Buckingham Palace breach; The Financial Times breach; The Microsoft XBox breach; Operation Camion; Summary.
2 The Weak Link in the Business Security Chain; Introduction; Why personnel are the weakest link; Secure data with vulnerable users; The problem with privileges; Data classifications and need to know; Security, availability, and functionality; Customer service mentality; Poor management example; Lack of awareness and training; Weak security policies; Weak procedures; Summary; 3 The Techniques of Manipulation; Introduction; Pretexting; Impersonation; Baiting; Pressure and solution; Leveraging authority; Reverse social engineering; Chain of authentication; Gaining credibility.
From innocuous to sensitive; Priming and loading; Social proof; Framing information; Emotional states; Selective attention; Personality types and models; Body language; Summary; 4 Short and Long Game Attack Strategies; Introduction; Short-term attack strategies; Targeting the right areas; Using the allotted time effectively; Common short game scenarios; Long-term attack strategies; Expanding on initial reconnaissance; Fake social media profiles; Information elicitation; Extended phishing attacks; Gaining inside help; Working at the target company; Targeting partner companies.
Long-term surveillance; Summary; 5 The Social Engineering Engagement; Introduction; The business need for social engineering; Compliance and security standards; Payment Cards Industry Data Security Standard; ISO/IEC 27000 information security series; Human Resource Security, Domain 8; Physical and Environmental Security, Domain 9; Social engineering operational considerations and challenges; Challenges for the social engineers; Less mission impossible, more mission improbable; Dealing with unrealistic time scales; Dealing with unrealistic time frames; Taking one for the team; Name and shame.
Project management; Challenges for the client; Getting the right people; Legislative considerations; The Computer Misuse Act 1990 (UK)-; Section 1-Unauthorized access to computer material; Section 2-Unauthorized access with intent to commit or facilitate commission of further offenses; Section 3-Unauthorized acts with intent to impair or with recklessness as to impairing, operation of computer, etc.; The Police and Justice Act 2006 (UK)-
ISBN 9780124201828
1306642329 (ebk)
9781306642323 (ebk)
OCLC # 880637978
Additional Format Print version: Watson, Gavin, 1982- Social engineering penetration testing 9780124201248 (DLC) 2014003510 (OCoLC)871186904
