Security Awareness

Security Awareness

Social engineering techniques are a collection of tactics used to manipulate people into performing action or divulging confidential information (Turban & Volonino, 2011). It exploits an attack on information sources where sensitive information is obtained from unsuspecting targets through deception and trickery (Turban & Volonino, 2011). Social engineering exploits are directed at people not computer hardware or software. They can be initiated in person, via telephone, or a letter. During an exploit, the attacker request personal information using psychological tactics that encourage the target person to provide password or other important information (Turban & Volonino, 2011).

Sarbanes- Oxley Act (SOX) is an anti- fraud law. SOX is a bill that was specifically passed by the House and the Senate in order to focus on the accuracy and truthfulness of a corporation's financial records through tighter regulation and policies (SecPoint NEWS, 2010). Additionally, SOX set up comprehensive internal control to allow employees to be able to recognize and respond to social engineering techniques. The internal control is a process designed to achieve compliance with laws, regulations, and policies (SecPoint NEWS, 2010). SOX are making employees aware that internal control cannot be ignored. Furthermore, fraud prevention and detection require an effective monitoring system. Monitoring system allows the organization to monitor every employee during work hours. If any employee comments fraud, the organization could prosecute that person to the fullest extent of the law (SecPoint NEWS, 2010).

Companies can take several steps to prevent social engineering techniques within their office. Employees should ask for a photo identification of all visitors and verify that it is authentic. For example, a stranger might pretend to have a package that need to be delivered immediately and ask an actual employee with access to the secure building to open the door. Once inside, the unwanted visit could gain access to the organization computer and hack into personal information. Secondly, employees should be aware of bogus emails or telephone calls from attackers seeking personal information for their use. If employees suspect a bogus call, they should report it to their security hotline and make other colleagues aware of the potential attack. Lastly, employees should not supply list of other employees information without proper authority and confirming with their supervisor on what or if any information can be giving out.

References

SecPoint NEWS. (2010, March). SecPoint. Retrieved from http://www.secpoint.com/sox.html

Turban, E., & Volonino, L. (2011). Information Technology Management (8th ed.). Hoboken, NJ: John