玲玲 2007-4-23 14:36
社会工程学 The human element of Information Warfare
信息来源:[url]http://www.cc.gatech.edu[/url]
Social engineering is one of the most dangerous and easiest to exploit threats to information security today. The "human element" introduces an unpredictable variation into security that cannot be prevented with a simple technical control. Pfleeger puts forth the Principle of Easiest Penetration, which states that the methods that require the least amount of work on the part of the intruder will be the first to be exploited (Pfleeger, 5). By exploiting aspects of human nature such as the desire to help a fellow employee in need or to impress a superior by saving the day, the accomplished social engineer can gain access to confidential data and systems, insert backdoors for later use, or exploit virtually any other tangible risk to an information system.
[attach]2119[/attach]