Valentine's Day and Data Security
Social Engineering is the method by which information about an
organisation or its operation is obtained by devious methods.
This method is used to great effect to defeat the security systems set
up by many companies certificated to ISO27001, The information security
This time of year we often act on behalf of our Clients to see if
their systems are as secure as they believe they are; we use
computer penetration testing and social engineering to defeat our
Clients' systems and then help them to plug the holes.
One method used is very simple but effective. We
arrange for a young, pretty girl, clutching a bunch of flowers, a
bottle of Champagne or a teddy bear to arrive at the reception of any large
company on 14 February; she explains to reception/security
that she wants to surprise Mr (pick a common name) on this
auspicious day, as it is the only day in the year when a girl can
propose to a man. She thinks he works on the 4th
floor. The helpful receptionist/security guard corrects her
and tells her that he works on the 2nd floor; "once you leave
the lift turn right and his office is 4th on the right".
She is in, and has the freedom of the building; if challenged
she can explain that she is lost and is looking for Mr …. on the 2nd
floor. Eager to help, staff take her through secure access
points and give her information about the company.
This information adds to that already gathered from other
sources and can lead to a significant security breach.
The motto here is to trust no one and insist that even pretty
young girls bearing gifts must follow secure access procedures.
Labels: ISO27001, security, social engineering
About the Author
FIBC, MISSA, ACQI is a director of Quality Matters Limited, an
established independent management consultancy based in Essex, UK which
specialises in ISO27001 Information Security
Article Published/Sorted/Amended on Scopulus 2011-03-07 17:21:37 in Business Articles