One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 435790 |
| Date de publication | 2017-11-20 18:14:49 (vue: 2017-11-20 18:14:49) |
| Titre | NBlog November 20 - an A to Z catalog of social engineering |
| Texte |  A productive couple of days' graft has seen what was envisaged to be a fairly short and high-level general staff awareness briefing on social engineering morph gradually into an A-to-Z list of scams, con-tricks and frauds.It has grown to about 9 pages in the process. That may sound like a tome, over-the-top for awareness purposes ... and maybe it is, but the scams are described in an informal style in just a few lines each, making it readable and easily digestible. The A-to-Z format leads the reader naturally through a logical sequence, perhaps skim-reading in places and hopefully stopping to think in others.For slow/struggling readers, there are visual cues and images to catch their eyes but let's be honest: this briefing is not for them. They would benefit more from seminars, case studies, chatting with their colleagues and getting involved in other interactive activities (which we also support through our other awareness content). The NoticeBored mind maps and posters, for instance, express things visually with few words.Taking a step back from the A-Z list, the sheer variety and creativity of scams is fascinating, and I'm not just saying that because I wrote it! That's a key security awareness lesson in itself. Social engineering is hard to pin down to a few simple characteristics, in a way that workers can be expected to recognize easily. Some social engineering methods, such as ordinary phishing, are readily explained and fairly obvious but even then there are more obscure variants (such as whaling and spear phishing) that take the technique and threat level up a gear. It's not feasible for an awareness program to explain all forms of social engineering in depth, literally impossible in fact. It's something that an intensive work or college course might attempt, perhaps, for fraud specialists who will be fully immersed in the topic, but that's fraud training, not security awareness. We can't bank on workers taking time out from their day-jobs to sit in a room, paying full attention to their lecturers and scribbling notes for hour after hour. There probably aren't 'lecturers' in practice: most of this stuff is delivered online today, pushed out impersonally through the corporate intranet and learning management systems.Our aim is to grab workers' |
| Envoyé | Oui |
| Condensat | it about activities after aim all also are aren attempt attention awareness back bank because benefit benign briefing but can care case catalog catch characteristics chatting colleagues college con content copy corporate couple course creativity cues day days delivered depth described digestible down each easily email engineering envisaged even expected explain explained express eyes fact fairly fascinating feasible fleetingly form format forms fraud frauds free from full fully future: gear general getting grab gradually graft grown guidance hard has high honest: hopefully hour images immersed impart impersonally impossible include informal information instance intensive interactive intranet involved itself jobs just key leads learning lecturers lesson let level like lines list literally logical making management maps may maybe methods might mind more morph most motivate naturally nblog not notes noticebored november obscure obvious online ordinary other others out over pages paying perhaps phishing pin places posters practice: probably process productive program purposes pushed readable reader readers readily reading recognize room saying scams scribbling security seen seminars sequence sheer short should simple sit skim slow/struggling social some something sound spear specialists staff step stopping studies stuff style such support systems take taking technique that them then things think threat through time today tome top topic training tricks useful variants variety visual visually way whaling what which who will words work workers would wrote |
| Tags | Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.