- Define “social engineering” and provide three examples (e.g., pretexting, baiting).
- What are the key components of a good security awareness training program for employees?
- How can a simple “clean desk” policy contribute to the overall security of a business?
How can a simple “clean desk” policy contribute to the overall security of a business?
Answer
1. Social engineering is a manipulation technique used by attackers to trick people into revealing confidential information or performing unsafe actions. Examples include:Pretexting: pretending to be someone trustworthy (e.g., IT staff) to obtain sensitive data.Baiting: offering something enticing (like a free USB or download) that contains malware.Phishing: sending fake emails or messages that appear legitimate to steal login credentials
2. A good security awareness training program should include clear policies, regular training sessions, real-world attack simulations (like phishing tests), and continuous updates to keep employees aware of new threats. It should also encourage reporting suspicious activities.
3. A “clean desk” policy improves security by ensuring sensitive documents, devices, and information are not left exposed. This reduces the risk of unauthorized access, data theft, and accidental information leaks.
Status: 100%
Keterangan: Telah dikerjakan sebaik mungkin.
