Conclusion
At this point you should have created a scenario where you act as the attacker and defender against a social engineering attack.
Hopefully this was a fun experience that allowed you to think on both sides of the information system. Thinking as a bad guy should give you additional insight on how to ensure the security of the systems that you are protecting. You should use these types of examples to train and educate all members of the organization that you are securing.
Do you feel that you are completely secured from social engineering now?... or do you believe that there are always new threats, new weaknesses, and a need for lifelong learning and training?
Hopefully you have really enjoyed learning about social engineering and some of the other threats facing information systems. If you would like to learn more about this topic then please visit the SANS (SysAdmin, Audit, Network, Security) InfoSec Reading Room on Social Engineering. http://www.sans.org/reading_room/
Hopefully this was a fun experience that allowed you to think on both sides of the information system. Thinking as a bad guy should give you additional insight on how to ensure the security of the systems that you are protecting. You should use these types of examples to train and educate all members of the organization that you are securing.
Do you feel that you are completely secured from social engineering now?... or do you believe that there are always new threats, new weaknesses, and a need for lifelong learning and training?
Hopefully you have really enjoyed learning about social engineering and some of the other threats facing information systems. If you would like to learn more about this topic then please visit the SANS (SysAdmin, Audit, Network, Security) InfoSec Reading Room on Social Engineering. http://www.sans.org/reading_room/