Social Engineering Training: Deceptions and Defenses

Course 2012

  • Duration: 3 days
  • Labs: Yes
  • Language: English
  • Level: Intermediate

In this Social Engineering course you gain the knowledge to defend against social engineering deceptions that threaten organisational security. You will build the awareness needed to recognise a social engineering attack. You will learn to prevent data breaches by studying the motivations and methods social engineers use to access sensitive data and exploit organisational vulnerabilities. You will also gain the skills to implement procedures that defeat deceptions and to mitigate personnel vulnerabilities.

In this social engineering prevention training course, you gain the skills to defend against social engineering attacks that threaten organisational security. You learn the technical and psychological methods of manipulation, impersonation and persuasion used by social engineers. Further, this course incorporates hands-on activities designed to help you understand the motivations and methods used by social engineers, so that you can better protect your organisation and prevent data breaches.

Social Engineering Training: Deceptions and Defenses Delivery Methods

  • After-course instructor coaching benefit
  • Learning Tree end-of-course exam included

Social Engineering Training: Deceptions and Defenses Course Benefits

  • Defend against social engineering deceptions that threaten organisational security
  • Plan and evaluate security assessments for human weaknesses
  • Promote vigilance and implement procedures to defeat deceptions
  • Mitigate personnel vulnerabilities with security awareness
  • Measure your organization’s preparedness for attacks

Social Engineering Course Outline

Evaluating the organisational risks

  • Assessing social engineering threats
  • Analysing classic case studies

Thinking like a social engineer

  • Considering attack frameworks
  • Reviewing the methods of manipulation
  • Examining legal issues and social concerns

Identifying information sources

  • Gathering information passively and actively
  • Leveraging social media
  • Exploiting Google hacking

Collecting target information

  • Ripping information from sites with theHarvester
  • Dumpster diving for secrets and intelligence
  • Profiling users for weaknesses

Minimising information leaks

  • Securing information leaks
  • Implementing secure disposal policies
  • Pinpointing reconnaissance probes

Profiling an information architecture

  • Implementing the Berlo communication model: Source, Message, Channel, Receiver
  • Determining communication weaknesses

Addressing communication flaws

  • Verifying the source
  • Securing the information channel

Drawing out information

  • Soliciting information
  • Interview techniques
  • Identifying elicitation tactics and goals

Mitigating information leaks

  • Maintaining situational awareness
  • Implementing scripted responses

Circumventing physical security

  • Identifying weak types of locks
  • Bypassing electronic access controls

Securing the environment

  • Implementing high security locks
  • Preventing lock bumping

Gaining access with a disguise

  • Identifying spoofing techniques
  • Discovering change blindness deception
  • Assessing Internet impersonation techniques

Defending against impersonation and forgery

  • Implementing techniques to verify identity
  • Avoiding skimmers and hidden technology threats

Examining human weaknesses

  • Leveraging Cialdini’s motivation factors
  • Identifying mindlessness dangers
  • Exploring commitment and consistency vulnerability

Compelling behaviour

  • Exploiting social proofing
  • Taking advantage of implied authority
  • Demanding action with "quid pro quo"

Bolstering resistance to persuasion

  • Adhering to policy and rules
  • Recognising risky situations
  • Learning to interpret and then recognise

Assessing social engineering vulnerabilities

  • Conducting a penetration test
  • Creating a scope of work
  • Mitigating legal issues and embarrassment

Creating comprehensive policies

  • Establishing verification policies
  • Regulating the use of social networks
  • Delivering effective security awareness training

Course FAQs

Social engineering is what it is called when hackers manipulate people to give up confidential information. There are many forms of social engineering.

It is an attack that relies heavily on human interaction and uses manipulation to get people to break normal security procedures and practices.

Yes! We know your busy work schedule may prevent you from getting to one of our classrooms which is why we offer convenient online training to meet your needs wherever you want. This course is available as Private Team Training.