December 18


Social Engineering, should it be added as a SANS top 20 Vulnerability?

A story here proposes, largely jokingly, the idea of adding “Homo sapiens” to a widely-recognized list of the most significant vulnerabilities impacting computers and the networks which connect them.

Even though this is a joke, I wonder if a certain value might not be had by listing it in this fashion, on a widely-used and well-known list like that one. As we’ve talked about here before, the human factor is already one of the weakest links in the security chain, and as computing becomes more and more ubiquitous, the risk is just going to increase.

Although most company policies have a basic nod to this area, is it time to revamp these policies, paying specific attention to the risks associated with social engineering, and increase the training around these issues? I think it is, and I think that listing it in the SANS Top 20 list is actually quite appropriate, and no laughing matter.

Thanks to the DC303 list for calling my attention to this.

