Welcome to NBlog, the NoticeBored blog

I may meander but I'm 'exploring', not lost

Dec 11, 2007

Microsoft advice on social engineering controls

A useful guide from Microsoft explains a range of controls to reduce the threat of social engineering attacks. It's a 37-page Word document. Here's an extract from the overview:
"To attack your organization, social engineering hackers exploit the credulity, laziness, good manners, or even enthusiasm of your staff. Therefore it is difficult to defend against a socially engineered attack, because the targets may not realize that they have been duped, or may prefer not to admit it to other people. The goals of a social engineering hacker—someone who tries to gain unauthorized access to your computer systems—are similar to those of any other hacker: they want your company’s money, information, or IT resources."

This document is part of Microsoft's Midsize Business Security Guidance collection.