manage.get.gov/docs/compliance/dist/system-security-plans/ato/at-2.3.md
Logan McDonald 1d3dfdb8d5
Add compliance documentation to source control (#116)
* add initial setup of compliance-trestle
2022-09-14 08:46:43 -04:00

implementation-status: c-not-implemented
control-origination: c-inherited-cloud-gov, c-inherited-cisa, c-common-control, c-system-specific-control

at-2.3 - [catalog] Social Engineering and Mining

Control Statement

Provide literacy training on recognizing and reporting potential and actual instances of social engineering and social mining.

Control guidance

Social engineering is an attempt to trick an individual into revealing information or taking an action that can be used to breach, compromise, or otherwise adversely impact a system. Social engineering includes phishing, pretexting, impersonation, baiting, quid pro quo, thread-jacking, social media exploitation, and tailgating. Social mining is an attempt to gather information about the organization that may be used to support future attacks. Literacy training includes information on how to communicate the concerns of employees and management regarding potential and actual instances of social engineering and data mining through organizational channels based on established policies and procedures.

Control assessment-objective

literacy training on recognizing potential and actual instances of social engineering is provided;
literacy training on reporting potential and actual instances of social engineering is provided;
literacy training on recognizing potential and actual instances of social mining is provided;
literacy training on reporting potential and actual instances of social mining is provided.


What is the solution and how is it implemented?

Add control implementation description here for control at-2.3