30 July 2019

IT: Social Engineering (Definitions)

"Using trickery and charm to extract security information such as passwords from an individual." (Andy Walker, "Absolute Beginner’s Guide To: Security, Spam, Spyware & Viruses", 2005)

"A nontechnological method for gaining unauthorized access to a computer system by tricking people into revealing access information." (Jan L Harrington, "Relational Database Design and Implementation" 3rd Ed., 2009)

"Collection of tactics used to manipulate people into performing actions or divulging confidential information." (Linda Volonino & Efraim Turban, "Information Technology for Management 8th Ed", 2011)

"Obtaining or attempting to obtain otherwise secure data with fraud and deceit by tricking an individual into revealing confidential information." (Bill Holtsnider & Brian D Jaffe, "IT Manager's Handbook" 3rd Ed., 2012)

"The art of manipulating people into performing desired actions." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"Gaining unauthorized access by tricking someone into divulging sensitive information." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)

"It describes a type of intrusion that relies heavily on human interaction rather than on specific technical methods. It often involves deceitful approaches to obtain, for example, sensitive information, and break into computer systems." (Hamid R Arabnia et al, "Application of Big Data for National Security", 2015)

"The act of manipulating people into divulging information." (Weiss, "Auditing IT Infrastructures for Compliance, 2nd Ed", 2015)

"The art of obtaining someone's password either by befriending her or tricking her into sharing it." (Faithe Wempen, "Computing Fundamentals: Introduction to Computers", 2015)

"The practice of obtaining confidential information by manipulating users in social communication." (Mike Harwood, "Internet Security: How to Defend Against Attackers on the Web 2nd Ed.", 2015)

"The process of attempting to trick someone into revealing information (for example, a password) that can be used to attack an enterprise or into performing certain actions, such as downloading and executing files that appear to be benign but are actually malicious." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"The psychological manipulation of people into unwittingly performing actions favorable to an attacker, such as divulging passwords or other confidential information." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)
