Font Size

Valentines Day and Data Security


Chris Eden - Quality Matters Limited

Business Articles
Submit Articles   Back to Articles

Social Engineering is the method by which information about an organisation or its operation is obtained by devious methods.  This method is used to great effect to defeat the security systems set up by many companies certificated to ISO27001, The information security management standard.

This time of year we often act on behalf our Clients to see if their systems are as secure as they believe they are;  we use computer penetration testing and social engineering to defeat our Client's systems and then help them to plug the holes.

One method used is very simple but effective.  We arrange for a young, pretty girl, clutching a bunch of flowers, a bottle of Champagne or a teddy bear to arrive at reception of any large company on 14 February;  she explains to reception/security that she wants to surprise Mr (pick a common name)  on this auspicious day, as it is the only day in the year when a girl can propose to a man.  She thinks he works on the 4th floor.  The helpful receptionist/security guard corrects her and tells her that he works on the 2nd floor;  "once you leave the lift turn right and his office is 4th on the right".

She is in, and has the freedom of the building; if challenged she can explain that she is lost and is looking for Mr . on the 2nd floor.  Eager to help she is taken through secure access points and given information about the company. 

This information adds to that already gathered from other sources and can lead to a significant security breach.

The motto here is to trust no one and insist the even pretty young girls bearing gifts must follow secure access procedures.

Labels: ISO27001, security, social engineering,

About the Author

Chris Eden FIBC, MISSA, ACQI is a director of Quality Matters Limited an established independent management consultancy based in Essex, UK which specialises in ISO27001 Information Security Management consultancy.

Follow us @Scopulus_News

Article Published/Sorted/Amended on Scopulus 2011-03-07 17:21:37 in Business Articles

All Articles

Copyright © 2004-2021 Scopulus Limited. All rights reserved.