Section 05: Social Engineering Countermeasures
Countermeasures
Security awareness training.
Be skeptical.
Have an incident response plan.
Perform background checks.
Apply the principle of least privilege.
In particular, against phishing
Security awareness training.
Run internal phishing simulation campaigns within the company.
Check URL links by hovering over them.
Check for grammar mistakes.
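The hover check above compares where a link says it goes with where it actually points. As an added example (not part of the original notes), this Python script automates that check over an e-mail's HTML body: it flags anchors whose visible text names one host while the href leads to another, and hrefs that are lookalikes of a trusted domain. The domain names and the sample message are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
URL_RE = re.compile(r"(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

class _LinkCollector(HTMLParser):  # gathers (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).strip()))
            self._href = None

def _host(url):
    """Lower-cased host of a URL or bare domain, minus a leading 'www.'."""
    host = (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def suspicious_links(html, trusted_domains):
    """(href, reason) pairs a hover check would flag: visible text naming one
    host while the href goes elsewhere, or a lookalike of a trusted domain."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = _host(href)
        if not target:            # mailto:, fragment-only or empty hrefs
            continue
        match = URL_RE.search(text)
        shown = _host(match.group(0)) if match else None
        if shown and shown != target and not target.endswith("." + shown):
            findings.append((href, f"text shows {shown} but link goes to {target}"))
            continue
        for brand in trusted_domains:
            if (brand.split(".")[0] in target and target != brand
                    and not target.endswith("." + brand)):
                findings.append((href, f"lookalike of {brand}: {target}"))
                break
    return findings
# Constructed sample message for this demonstration, not a real e-mail.
SAMPLE_EMAIL = """<p>Verify now: <a href="http://example-bank-login.com/verify">https://www.example-bank.com/verify</a>
or visit <a href="https://secure.example-bank.com/help">our help centre</a>.
<a href="http://example-bank.com.evil-host.test/">example-bank.com</a></p>"""
```

Legitimate subdomains of a trusted domain (such as the help-centre link in the sample) are not flagged, which keeps the check usable on real newsletters.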
Data loss prevention (DLP)
Data loss prevention (DLP) software detects potential data breaches or data exfiltration and prevents them by monitoring, detecting and blocking sensitive data while in use (endpoint actions), in motion (network traffic) and at rest (data storage).
IDS (Intrusion detection system)
An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations; an intrusion prevention system (IPS) does the same and can also block the activity it detects.
Splunk
Splunk is a data platform for collecting, indexing and searching machine data; it is widely used for observability and security monitoring (including as a SIEM) in hybrid environments.
Security information and event management (SIEM)
Security information and event management (SIEM) is a field within the field of computer security, where software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware. Vendors sell SIEM as software, as appliances, or as managed services; these products are also used to log security data and generate reports for compliance purposes.
Separation of duties
Separation of duties (SoD), also known as segregation of duties, is the concept of requiring more than one person to complete a task. It is an administrative control used by organisations to prevent fraud, sabotage, theft, misuse of information and other security compromises.
Least privilege
In information security, computer science, and other fields, the principle of least privilege (PoLP), also known as the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose.
Background check
A background check is a process a person or company uses to verify that an individual is who they claim to be, and this provides an opportunity to check and confirm the validity of someone's criminal record, education, employment history, and other activities from their past.
Defense-in-depth
Defense in depth is a concept in information security in which multiple layers of security controls (defenses) are placed throughout an information technology (IT) system. Its intent is to provide redundancy in case a security control fails or a vulnerability is exploited; the layers can cover personnel, procedural, technical and physical security for the duration of the system's life cycle.
Zero trust
The zero trust security model, also known as zero trust architecture (ZTA), zero trust network architecture or zero trust network access (ZTNA), and sometimes known as perimeterless security, describes an approach to the design and implementation of IT systems.