Mark works as a Security Administrator for TechMart Inc. The company has a Windows-based
network. Mark has gone through a security audit to ensure that the technical system is secure and
protected. During this audit, he identified many areas that need improvement. He wants to minimize
the risk of potential security threats by educating team members in the area of social engineering
and providing basic security principle knowledge, while stressing the Confidentiality, Integrity, and
Availability triangle in the training of his team members. Which of the following ways will Mark use
for educating his team members on the social engineering process?
A. He will call a team member while pretending to be someone else in order to gain access to sensitive
information.
B. He will use group policies to disable the use of floppy drives or USB drives.
C. He will develop a social awareness of security threats within the organization.
D. He will protect against a Distributed Denial of Service attack.
Explanation:
Social engineering can be defined as any type of behavior used to inadvertently or deliberately aid
an attacker in gaining access to an authorized user's password or other sensitive information. Social
engineering is the art of convincing people and making them disclose useful information such as
account names and passwords. This information is further exploited by attackers to gain access to a
user's computer or network. This method relies on the ability to manipulate people psychologically
rather than on technical skills. A user should always distrust people who ask him for his account name,
password, computer name, IP address, employee ID, or other information that can be misused.

Answer B is incorrect. Group policies are used to disable the use of floppy drives or USB drives
to ensure the physical security of desktop computers. Although desktops can be secured by
attaching a locking device, disabling USB and floppy drives mitigates a larger set of threats.

Answer D is incorrect. While stressing the Confidentiality, Integrity, and Availability triangle in the
training of users, the process of providing availability is related to security training to ensure
protection against a Distributed Denial of Service attack.