
November 19, 2007

Social Engineering - Information Security; The Weakest Link

Analysis of: Looming Online Security Threats in 2008 | www.businessweek.com
This analysis is solely the work of the author. It has not been edited or endorsed by GLG.
Analysis By:
Shawn Burgess, CIO/Director, Kingman Hospital Inc
Implications: Social engineering is an age-old tool of spies and new-age hackers. Using the access credentials of authorized users is the easiest and least noticeable means of assuming control of technology resources. "What you have" authentication factors can give administrators the upper hand in ensuring that only authorized users gain access.

Analysis: Information security technology is hard-pressed to cover the gap between prudent security policy and technology when social engineering trumps the best of efforts. Social engineering is an effective tool in the hacker's toolbox, preying on the naivety and/or unwarranted trust of its victims.
Technology that requires the user to possess a token or object in order to gain access to information technology resources is the best measure to tackle this ever-growing challenge. Two- or three-factor authentication, which requires something such as a key fob or software token to validate the use of a specific user ID, not only provides a higher level of authorized use but can also combat the infamous dictionary attacks.
Certain technologies use rotating keys to ensure the token is in sync with back-end resources.
