Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Reader submitted question on Social-Engineering

Published: 2007-11-27
Last Updated: 2007-11-27 21:04:19 UTC
by Joel Esler (Version: 1)
0 comment(s)

As you can imagine, here at the ISC we get thousands (tens of thousands?) of user submitted questions and suggestions.  Let me tell you what, we appreciate it.  It's what binds the galaxy together. (TM)

But we had a user submitted question today that I found particularly interesting.  Jim wrote in asking us:

"I am looking for some good policies and practices to help my help desk avoid falling victim to social engineering.  I looked around on SANS and other sites but find little more than asking a few questions to verify identity.  We are also considering a callback as a auditing step.  What do you think?"

So what DO you think readers? 


Joel Esler

0 comment(s)
Diary Archives