Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Reader submitted question on Social-Engineering SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Reader submitted question on Social-Engineering

As you can imagine, here at the ISC we get thousands (tens of thousands?) of user submitted questions and suggestions.  Let me tell you what, we appreciate it.  It's what binds the galaxy together. (TM)

But we had a user submitted question today that I found particularly interesting.  Jim wrote in asking us:

"I am looking for some good policies and practices to help my help desk avoid falling victim to social engineering.  I looked around on SANS and other sites but find little more than asking a few questions to verify identity.  We are also considering a callback as a auditing step.  What do you think?"

So what DO you think readers? 


Joel Esler


454 Posts
Nov 27th 2007

Sign Up for Free or Log In to start participating in the conversation!