Newcomer II

Social engineering

Dear Team

 

Appreciate your suggestions for the below question.

 

Which of the following countermeasures is the MOST effective in defending against a social engineering attack?

  • A. Mandating security policy acceptance
  • B. Changing individual behaviour
  • C. Evaluating security awareness training
  • D. Filtering malicious e-mail content

Option B & C are both viable options here.

I would go for Option B as the best answer as it is the most effective countermeasure.

 

Any thoughts here?

Appreciate your inputs.

 

Thanks

Nitesh

1 Reply
Newcomer II

Re: Social engineering

First, "countermeasures" are a type of control that reduces vulnerability and, ultimately, risk. "B" would be the best answer because the actions they produce will have a more profound and direct outcome or impact on attempted social engineering attacks.

 

-"A" is useless without people behaving the way they're supposed to.

-"C" is not a good choice because no matter how good or bad security awareness training is, this training won't matter if people's behaviors are poor. 

-"D" isn't that great either because there are still other attack vectors social engineering can use besides e-mail, and again, this won't matter either if people's behaviors aren't good.

 

It takes both educating people and having those people behave appropriately to have a great, mitigating effect on social engineering reduction. 

 

A, C, and D heavily depend on people's behavior, making B the best choice for an answer.