Submitted by: Submitted by billdo44
Views: 207
Words: 1430
Pages: 6
Category: Science and Technology
Date Submitted: 02/26/2014 04:51 PM
Case Study 2: Social Engineering Attacks and Counterintelligence
John Doe
CIS 502 - Theories of Security Management
October 26, 2013
Dr. Smith
Case Study 2: Social Engineering Attacks and Counterintelligence
Describe what social engineering and counterintelligence are and their potential implications to our national security in regard to the leaked Afghan War Diary and the Iraq War Logs
The United States Computer Emergency Readiness Team (US-CERT) defines a social engineering attack as “an attacker that uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity” (Avoiding Social Engineering and Phishing Attacks, 2008). There are several different categories individuals and organizations use to perform social engineering; Hackers, Penetration Testers, Spies or Espionage, Identity Thieves, Disgruntled Employees, Information Brokers, Scam Artists, Executive, Recruiters, Sales People, Governments and Everyday People. One of the most prevalent forms is via the disgruntled employee. The disgruntled inside employee with even minimum access is a principal source of computer crime. In most cases, the organization will heavily defend against outside intrusion, but are either restricted from monitoring insider actions, or are unable to determine if an action is a threat or the normal part of a person’s tasking. “Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a target system often allows them to gain unrestricted access to cause damage to the system or to steal system data” (2008).
Even though the disgruntled employee is a major target for social engineering, the employee that is believes they are security conscience is often the ultimate threat to the organization. The...