Social Engineering Defense Advanced: In-depth Strategies and Attacks (2 days)

 1,990.00 excl. VAT

In stock

In this course, managers and employees learn to understand, identify and respond to social engineering attacks. The program provides the knowledge necessary to recognize the most typical and frequently used types of attacks, and the appropriate response strategies for deterring and defending against potential threats.

Clear
Compare
SKU: N/A Category: Tags: ,

About the Course

This program helps managers and employees responsible for the protection of an organization’s information assets and technologies, to acquire in-depth understanding on the threat of social engineering. The course provides a deep-dive into how social engineering attacks are crafted and launched, what assets are used for creating attacks, and how these assets are being collected.

With a focus on preventing attackers from creating an attack from the earliest stages of their process, case studies and defense strategies are provided in every section of the attacker modus operandi.

In this course the delegates acquire the knowledge necessary to understand social engineering, and thus build better processes and strategies for the protection of their organization.
Basic knowledge on what social engineering is and how it works is required. This course includes practical exercises.

Target Audience

Managers and employees responsible for the protection of an organization’s information assets and technology.

  • Information Security Officers
  • System Administrators
  • IT Department personnel
  • Security consultants
  • & related positions

Duration & Delivery

2 days (09:00-17:00)

Language:

English

Course Synopsis

Introduction

  1. Security is not a technical issue alone
  2. The three attack vectors: Digital, Physical, Social
  3. Your security perimeter
  4. Multiple layers of security

Who is the attacker?

  1. Possible adversaries: competitors, employees, individuals, small groups, insiders, service providers, criminal organizations, nation states
  2. Social Engineering is a business, and a full-time profession

Frequent Target Groups

  1. IT personnel
  2. Senior management
  3. The C-suite
  4. Finance personnel
  5. Customer support agents
  6. Front-line personnel

Long term vs short term attack efforts

  1. Short term efforts
  2. Long term efforts: overt and covert asset cultivation

Social Engineering (SE) Modus Operandi Step 1: Reconnaissance

  1. Information Harvesting Methods: online and offline
  2. Open Source Intelligence Analysis (OSINT)
  3. Turning information into intelligence: how even seemingly innocent & irrelevant pieces ofinformation are puzzled together
  4. Profiling targets
  5. Selecting targets
  6. Identifying objectives
  7. Defense

SE Modus Operandi Step 2: Pretexting

  1. Crafting a strategy based on key-people profiles and vulnerabilities
  2. Constructing the attacker’s persona
  3. Cover story
  4. Defense

SE Modus Operandi Step 3: Initiating the Contact

  1. Establishing credibility
  2. Creating a hook

SE Modus Operandi Step 4: Exploitation

  1. Launching the attack
  2. Short term attack exploitation methodology
  3. Long term attack exploitation methodology
  4. Is any evidence left?

Is your social media content making you a target?

  1. Social Media is a primary source of information for attackers
  2. How your social media content can be used against you
  3. Cybersecurity hygiene advice for social media
  4. Attacks through social media
  5. Examples & Case Studies
  6. Defense

Weaponized Psychology

  1. Exploiting basic psychological wiring – the social engineering strategy
  2. Psychological exploitation & manipulation techniques
  3. Emotional elicitation
  4. Impersonation
  5. Time pressure
  6. The 6 fast-working psychological weapons of influence
  7. Examples & Case Studies
  8. Recognizing and responding to psychological attacks

Physical security

  1. Why social engineers will try to enter your establishment
  2. Covert entry methods
  3. Overt entry methods
  4. Privilege escalation
  5. Gaining unauthorized access further into the building
  6. What assets can be stolen/ compromised?
  7. Defense

Policies & Procedures

  1. Convenience vs security
  2. What policies?
  3. What procedures?
  4. Example: Visitor policy best practice
  5. Example: Firing disgruntled employees
  6. Example: Best practices for third party vendors entering the establishment

Evaluating risks and building a defense strategy

  1. Identifying risks
  2. Evaluating risks
  3. Challenges for defenders
  4. Creating a defense strategy

Communicating Security Needs Effectively

Concluding Remarks

Additional information

Region

Germany

Location

Munich

Date

22 Apr 2019, 24 Apr 2019

Vendor Information

  • Store Name: Cyber Risk GmbH
  • Vendor: Christina Lekati
  • Address: Rebackerstrasse 7
    8810 Horgen
    Switzerland
  • No ratings found yet!

Amazic Knowledge

Social Engineering Defense Advanced: In-depth Strategies and Attacks (2 days)

 1,990.00 excl. VAT

Add to Cart