The topic of social engineering is only covered briefly in today's system administration and security coursework. This lack of coverage leaves many administrators ill-equipped to administer the users of a computer network. In addition to their technical training, administrators need to comprehend the potential severity and likelihood of social engineering attacks. Teaching administrators only to minimize the risk of hacking attempts or computer virus infections does not fully equip them with the knowledge needed to defend their networks. To ensure the safety of their network from social engineering attacks, administrators need to be able to answer three primary questions:

* How can administrators look for and identify a social engineering attack?
* How can administrators properly train users to ensure they do not become the network's weakest security link?
* How can administrators test their protection methods to ensure the risk of social engineering attacks is sufficiently mitigated?

This thesis attempts to answer these questions, devise a training workshop template administrators can present to their users, and present a base set of audit guidelines administrators can employ to ensure their attack prevention methods are effective.
Library of Congress Subject Headings
Computer networks--Security measures; Social engineering
Networking and System Administration (MS)
Department, Program, or Center
Information Sciences and Technologies (GCCIS)
Spinapolice, Matthew, "Mitigating the risk of social engineering attacks" (2011). Thesis. Rochester Institute of Technology. Accessed from
RIT – Main Campus