ABSTRACT

This chapter presents simple illustrations of social engineering risk scenarios and helps information technology (IT) security professionals understand the underlying psychological weaknesses that lead to those risks. Most people comply with instructions when they feel ignorant of the situation they are in. Whatever an IT security professional's own level of IT knowledge, they will recognize that the majority of people feel relatively ignorant of IT systems. Foreign diplomats have, on occasion, been tricked into divulging information by the amorous advances of a particularly attractive individual. Being helpful involves more than simply holding the door open for people, a habit that lets tailgating criminals enter an IT security professional's building. By allowing the HR department to purchase and configure a system independently, the bank has effectively bypassed its usual information security controls. The external storage of such confidential information should be carefully considered, with appropriate controls agreed with the supplier.