Note: Date TBA for this one-day seminar.

What is social engineering?

Fraud, hacking, identity theft, phishing, pharming, phreaking, urban spelunking, server cracking, wardriving, con artistry, dumpster diving... All of these deceptions may involve low-tech social engineering attacks. These attacks are typically carried out by telephoning or emailing users or operators and pretending to be an authorized user to attempt to gain illicit access to systems.

The practice of deceiving employees into providing secure information has become more common as technology defenses strengthen. A new breed of sophisticated hackers, called “social engineers,” has been refining its methods in recent years as IT departments scramble to slam the gate on network infiltration. These social engineers are extremely bright and persistent, but their attacks can be repelled with proper preparation.

Organizations can be a target rich environment for social engineers. Hackers target sensitive and secured areas seeking data such as customer account information, network credentials, project knowledge, organizational structure, personnel details, spending patterns, and operations knowledge. A breach of this type can result in a damaging public embarrassment and impact thousands of customers.

Learn how to establish a complete culture of security at your company from an expert who understands the tactics of social engineers.

Who is the course instructor?

Todd Snapp is president of RocketReady, a Tampa, Florida, security company focused on “The Human Side of Security.” Todd and his team are leading the charge against social engineering and have developed key programs and systems to help organizations defend themselves. Todd was instrumental in performing ethical social engineering attacks on some of the largest organizations in the U.S., including government agencies and Fortune 500 companies. The attacks yielded unprecedented access to sensitive and highly secured data using only the telephone, email, and facility visits. With 15 years of experience managing large global networks, he has insight into the marriage between technical and non-technical security. A self-proclaimed “ethical con man,” Todd has made it his career goal to enlighten the corporate and government worlds to the serious threat posed by low-tech hackers.

What will I learn?

Topics to be covered include

• People Hacking – An Overview of Social Engineering
• The History of Social Engineering and Con-Artistry
• Pretext Calls - The Phone Attack
• A Phishing Expedition - The Electronic Attack (Fraudulent Emails and Web Sites)
• Enemy at the Gate - The Organizational Attack (Facility Threats, Hiring Practices and Organizational Infiltration)
• Identifying the Dangers
• Secure Business Practices
• Security on the Road - Wireless and Mobile Device Security
• Protecting Essential Data – Security with data that needs to be used on a daily basis
• Social Engineering Intrusion Detection (Technical and Non-Technical)
• Potential Financial Impacts of Social Engineering
• Protecting Your Employees
• Protecting Your Organization
• Departmental Collaboration (Whose job is it?)

The entire class is interactive and discussion-oriented. Workshop exercises include identifying fraudulent phone calls, emails and websites, thinking like a hacker, defending against attacks while traveling, identifying trophies, building a secure culture with a positive attitude and developing a corporate-wide communication scheme.

Who should attend?

This class provides invaluable information and training for executives, managers, supervisors and employees at all levels and departments in government, industry and businesses, including information technology, information assurance, human resources, and call centers.

Why Capitol College?

Capitol College has been designated as a National Center of Academic Excellence in Information Assurance Education, by the National Security Agency and the Department of Homeland Security.

For more information, contact:

Allan Berg (ext. 3028) or Ken Crockett (ext. 3026)
301-369-2800 or 800-950-1992
cicpc@capitol-college.edu