MARC details
000 -LEADER |
fixed length control field |
04826cam a2200337 i 4500 |
001 - CONTROL NUMBER |
control field |
18042651 |
003 - CONTROL NUMBER IDENTIFIER |
control field |
ZW-GwMSU |
005 - DATE AND TIME OF LATEST TRANSACTION |
control field |
20221111143700.0 |
008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION |
fixed length control field |
140213s2014 ne a b 001 0 eng |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
International Standard Book Number |
9780124201248 |
040 ## - CATALOGING SOURCE |
Language of cataloging |
English |
Transcribing agency |
MSULIB |
Description conventions |
rda |
050 00 - LIBRARY OF CONGRESS CALL NUMBER |
Classification number |
HM668 WAT |
100 1# - MAIN ENTRY--PERSONAL NAME |
Personal name |
Watson, Gavin. |
Relator term |
author |
245 10 - TITLE STATEMENT |
Title |
Social engineering penetration testing : |
Remainder of title |
executing social engineering pen tests, assessments and defense / |
Statement of responsibility, etc. |
created by Gavin Watson, Andrew Mason and Richard Ackroyd. |
264 #1 - PRODUCTION, PUBLICATION, DISTRIBUTION, MANUFACTURE, AND COPYRIGHT NOTICE |
Place of production, publication, distribution, manufacture |
Oxford: |
Name of producer, publisher, distributor, manufacturer |
Elsevier, |
Date of production, publication, distribution, manufacture, or copyright notice |
2014 |
264 #4 - PRODUCTION, PUBLICATION, DISTRIBUTION, MANUFACTURE, AND COPYRIGHT NOTICE |
Date of production, publication, distribution, manufacture, or copyright notice |
©2014 |
300 ## - PHYSICAL DESCRIPTION |
Extent |
xx, 386 pages; |
Other physical details |
illustrations, |
Dimensions |
24 cm. |
336 ## - CONTENT TYPE |
Content type term |
text |
Content type code |
txt |
Source |
rdacontent |
337 ## - MEDIA TYPE |
Media type term |
unmediated |
Media type code |
n |
Source |
rdamedia |
338 ## - CARRIER TYPE |
Carrier type term |
volume |
Carrier type code |
nc |
Source |
rdacarrier |
504 ## - BIBLIOGRAPHY, ETC. NOTE |
Bibliography, etc. note |
Includes index. |
505 ## - FORMATTED CONTENTS NOTE |
Formatted contents note |
Front Cover; Social Engineering Penetration Testing; Copyright Page; Contents; Foreword; Acknowledgements; About the Authors; About the Technical Editor; 1 An Introduction to Social Engineering; Introduction; Defining social engineering; Examples from the movies; Sneakers; Hackers; Matchstick Men; Dirty Rotten Scoundrels; The Imposter; Famous social engineers; Kevin Mitnik; Frank Abagnale; Badir brothers; Chris Hadnagy; Chris Nickerson; Real-world attacks; The RSA breach; The Buckingham Palace breach; The Financial Times breach; The Microsoft XBox breach; Operation Camion; Summary. 2 The Weak Link in the Business Security Chain; Introduction; Why personnel are the weakest link; Secure data with vulnerable users; The problem with privileges; Data classifications and need to know; Security, availability, and functionality; Customer service mentality; Poor management example; Lack of awareness and training; Weak security policies; Weak procedures; Summary; 3 The Techniques of Manipulation; Introduction; Pretexting; Impersonation; Baiting; Pressure and solution; Leveraging authority; Reverse social engineering; Chain of authentication; Gaining credibility. From innocuous to sensitive; Priming and loading; Social proof; Framing information; Emotional states; Selective attention; Personality types and models; Body language; Summary; 4 Short and Long Game Attack Strategies; Introduction; Short-term attack strategies; Targeting the right areas; Using the allotted time effectively; Common short game scenarios; Long-term attack strategies; Expanding on initial reconnaissance; Fake social media profiles; Information elicitation; Extended phishing attacks; Gaining inside help; Working at the target company; Targeting partner companies.
Long-term surveillance; Summary; 5 The Social Engineering Engagement; Introduction; The business need for social engineering; Compliance and security standards; Payment Cards Industry Data Security Standard; ISO/IEC 27000 information security series; Human Resource Security, Domain 8; Physical and Environmental Security, Domain 9; Social engineering operational considerations and challenges; Challenges for the social engineers; Less mission impossible, more mission improbable; Dealing with unrealistic time scales; Dealing with unrealistic time frames; Taking one for the team; Name and shame. Project management; Challenges for the client; Getting the right people; Legislative considerations; The Computer Misuse Act 1990 (UK)-http://www.legislation.gov.uk/ukpga/1990/18; Section 1-Unauthorized access to computer material; Section 2-Unauthorized access with intent to commit or facilitate commission of further offenses; Section 3-Unauthorized acts with intent to impair or with recklessness as to impairing, operation of computer, etc.; The Police and Justice Act 2006 (UK)-http://www.legislation.gov.uk/ukpga/2006/48/contents |
520 ## - SUMMARY, ETC. |
Summary, etc. |
This book gives the practical methodology needed to plan and execute a social engineering penetration test and assessment. It has insights into how social engineering techniques--including email phishing, telephone pretexting, and physical vectors--can be used to elicit information or manipulate individuals into performing actions that may aid in an attack. Using the book's easy-to-understand models and examples, the reader will have a much better understanding of how best to defend against these attacks. The authors show hands-on techniques they have used at RandomStorm to provide clients with valuable results that make a real difference to the security of their businesses. The book shows how to use widely available open-source tools to conduct pen tests and the practical steps to improve defense measures in response to test results. -- Edited summary from book |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name entry element |
Social engineering. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name entry element |
Computer networks |
General subdivision |
Security measures |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name entry element |
Computer security |
General subdivision |
Management |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name entry element |
Data protection |
700 1# - ADDED ENTRY--PERSONAL NAME |
Personal name |
Mason, Andrew. |
Relator term |
author. |
700 1# - ADDED ENTRY--PERSONAL NAME |
Personal name |
Ackroyd, Richard. |
Relator term |
author |
942 ## - ADDED ENTRY ELEMENTS (KOHA) |
Source of classification or shelving scheme |
Library of Congress Classification |
Koha item type |
Book |