Who Should Read This Paper: This paper provides security management information about the threats posed by social engineering and the defenses that are available to help resist social engineering hackers. Social engineering describes primarily non-technical threats to company security. The broad nature of these potential threats necessitates providing information about threats and potential defenses to a range of management and technical staff within a company, including:

• Board management
• Technical operation and service managers
• Support staff
• Security staff
• Business managers

OVERVIEW: Gain valuable information about the concepts of social engineering within the IT security workspace. In section one, the guide provides a working definition of social engineering that can be used within a company’s security policies and is meaningful to non-IT security staff. The guide describes the aims and objectives of an attacker and shows how social engineering, like hacking, is a threat to all businesses, not just enterprise or government institutions. The guide will also cover:

• Social engineering and the defense-in-depth layered model
• Social engineering threats and defense
• Online, telephone-based, and waste management threats
• Personal approaches
• Reverse social engineering
• Designing and implementing defenses against social engineering threats
• Developing a security management framework
• Risk management
• Social engineering in the organizational security policy
• Awareness
• Managing incidents
• Operational considerations
• Security policy for social engineering threat checklists

Download Word Doc Here
Read Online @ TechNet

I saw this added on the Microsoft Download Centre today but had not noticed the TechNet link at the bottom to thanks goes to Blake for pointing that out in his post.