What is Information Security?

Information Security is the set of processes and methodologies designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.

 


Social engineering is the art of manipulating people into performing actions or divulging confidential information. People fall for social engineering tricks based on their instinct to be helpful and trusting. The typical attacker never comes face-to-face with a victim, instead using deception through email, social networks or over the phone. Most of the time a social engineer will be required to take the initiative, either by sending an email, clicking on a link within an email, making a phone call, or even transmitting a fax.

Delete emails that ask you to confirm or provide personal information (user IDs, passwords, card and bank account numbers, etc.). Legitimate companies don't ask for this information via email. The messages may appear to be from organizations you do business with – vendors, banks, or retail stores, for example. They might threaten to close your account or take other action if you don't respond. Don't reply, and don't click on links or call phone numbers provided in the message, either. These messages direct you to spoof sites – sites that look real but whose purpose is to steal your information.

Here are a few questions you should ask yourself:

  • Who is contacting me here? (Remember, most contact details can be found on the Internet!)
  • Why is he contacting me?
  • Is the way he's contacting me normal for this company?
  • Is the information he's requesting sensitive?
  • Is there a way to verify that this person is indeed who he claims to be?