Return to home page
Searching: Bluffton library catalog
Some OPAL libraries remain closed or are operating at reduced service levels. Materials from those libraries may not be requestable; requested items may take longer to arrive. Note that pickup procedures may differ between libraries. Please contact your library for new procedures, specific requests, or other assistance.
  Previous Record Previous Item Next Item Next Record
  Reviews, Summaries, etc...
EBOOK
Author Watson, Gavin, 1982-
Title Social engineering penetration testing : executing social engineering pen tests, assessments and defense / Gavin Watson, Andrew Mason, Richard Ackroyd ; foreword Chris Hadnagy.
Imprint Waltham, Massachusetts : Syngress, 2014.

LOCATION CALL # STATUS MESSAGE
 OHIOLINK SAFARI EBOOKS    ONLINE  
View online
LOCATION CALL # STATUS MESSAGE
 OHIOLINK SAFARI EBOOKS    ONLINE  
View online
Author Watson, Gavin, 1982-
Subject Social engineering.
Social Sciences.
Alt Name Mason, Andrew G.,
Ackroyd, Richard,
Description 1 online resource : illustrations
Note Print version record.
Bibliography Note Includes bibliographical references and index.
Summary This book gives the practical methodology needed to plan and execute a social engineering penetration test and assessment. It has insights into how social engineering techniques--including email phishing, telephone pretexting, and physical vectors--can be used to elicit information or manipulate individuals into performing actions that may aid in an attack. Using the book's easy-to-understand models and examples, the reader will have a much better understanding of how best to defend against these attacks. The authors show hands-on techniques they have used at RandomStorm to provide clients with valuable results that make a real difference to the security of their businesses. The book shows how to use widely available open-source tools to conduct pen tests and the practical steps to improve defense measures in response to test results. -- Edited summary from book.
Contents Front Cover; Social Engineering Penetration Testing; Copyright Page; Contents; Foreword; Acknowledgements; About the Authors; About the Technical Editor; 1 An Introduction to Social Engineering; Introduction; Defining social engineering; Examples from the movies; Sneakers; Hackers; Matchstick Men; Dirty Rotten Scoundrels; The Imposter; Famous social engineers; Kevin Mitnik; Frank Abagnale; Badir brothers; Chris Hadnagy; Chris Nickerson; Real-world attacks; The RSA breach; The Buckingham Palace breach; The Financial Times breach; The Microsoft XBox breach; Operation Camion; Summary.
2 The Weak Link in the Business Security ChainIntroduction; Why personnel are the weakest link; Secure data with vulnerable users; The problem with privileges; Data classifications and need to know; Security, availability, and functionality; Customer service mentality; Poor management example; Lack of awareness and training; Weak security policies; Weak procedures; Summary; 3 The Techniques of Manipulation; Introduction; Pretexting; Impersonation; Baiting; Pressure and solution; Leveraging authority; Reverse social engineering; Chain of authentication; Gaining credibility.
From innocuous to sensitivePriming and loading; Social proof; Framing information; Emotional states; Selective attention; Personality types and models; Body language; Summary; 4 Short and Long Game Attack Strategies; Introduction; Short-term attack strategies; Targeting the right areas; Using the allotted time effectively; Common short game scenarios; Long-term attack strategies; Expanding on initial reconnaissance; Fake social media profiles; Information elicitation; Extended phishing attacks; Gaining inside help; Working at the target company; Targeting partner companies.
Long-term surveillanceSummary; 5 The Social Engineering Engagement; Introduction; The business need for social engineering; Compliance and security standards; Payment Cards Industry Data Security Standard; ISO/IEC 27000 information security series; Human Resource Security, Domain 8; Physical and Environmental Security, Domain 9; Social engineering operational considerations and challenges; Challenges for the social engineers; Less mission impossible, more mission improbable; Dealing with unrealistic time scales; Dealing with unrealistic time frames; Taking one for the team; Name and shame.
Project managementChallenges for the client; Getting the right people; Legislative considerations; The Computer Misuse Act 1990 (UK)-http://www.legislation.gov.uk/ukpga/1990/18; Section 1-Unauthorized access to computer material; Section 2-Unauthorized access with intent to commit or facilitate commission of further offenses; Section 3-Unauthorized acts with intent to impair or with recklessness as to impairing, operation of computer, etc.; The Police and Justice Act 2006 (UK)-http://www.legislation.gov.uk/ukpga/2006/48/contents.
ISBN 9780124201828
0124201822
1306642329 (ebk)
9781306642323 (ebk)
0124201245
9780124201248
9780124201248
OCLC # 880637978
Additional Format Print version: Watson, Gavin, 1982- Social engineering penetration testing 9780124201248 (DLC) 2014003510 (OCoLC)871186904


If you experience difficulty accessing or navigating this content, please contact the OPAL Support Team