- Technology
- SEE MORE
- classical
- general
- talk
- News
- Family
- Bürgerfunk
- pop
- Islam
- soul
- jazz
- Comedy
- humor
- wissenschaft
- opera
- baroque
- gesellschaft
- theater
- Local
- alternative
- electro
- rock
- rap
- lifestyle
- Music
- como
- RNE
- ballads
- greek
- Buddhism
- deportes
- christian
- piano
- djs
- Dance
- dutch
- flamenco
- social
- hope
- christian rock
- academia
- afrique
- Business
- musique
- ελληνική-μουσική
- religion
- World radio
- Zarzuela
- travel
- World
- NFL
- media
- Art
- public
- Sports
- Gospel
- st.
- baptist
- Leisure
- Kids & Family
- musical
- club
- Culture
- Health & Fitness
- True Crime
- Fiction
- children
- Society & Culture
- TV & Film
- gold
- kunst
- música
- gay
- Natural
- a
- francais
- bach
- economics
- kultur
- evangelical
- tech
- Opinion
- Government
- gaming
- College
- technik
- History
- Jesus
- Health
- movies
- radio
- services
- Church
- podcast
- Education
- international
- Transportation
- Other
- kids
- podcasts
- philadelphia
- Noticias
- love
- sport
- Salud
- film
- and
- 4chan
- Disco
- Stories
- fashion
- Arts
- interviews
- hardstyle
- entertainment
- humour
- medieval
- literature
- alma
- Cultura
- video
- TV
- Science
- en
Joseph Klein: The Social Engineering Engagement Methodology - A Formal Testing process of the People and Process
b'The security of an organization is composed of technology, people and processes. In the last few years, many organizations have done a good job addressing technology but have focused very little on the people and processes. \\n \\nThis presentation reviews the formal methodology for performing Social Engineering Engagements. The method is divided into four sections including the Pre-Engagement, Pre-Assessment, Assessment and Post-Assessment. \\n \\nThe Pre-Engagement, is the sales process for performing the assessment. In this section, we will review the business justification and headlines of current attacks. \\n \\nPre-Assessment if focused on identifying the scope of the project, limitation, targets and attack vectors. Also included are examples of what information must be gathers for use in the assessment and post assessment phase. \\n \\nThe most interesting and tedious part is the actual assessment. In this section, we will discuss how to engage the target, utilize company information, how to achieve the goal and what to do when you are caught. Included in this section is also how and what to document about every contact. \\n \\nPost assessment is the analysis and reporting phase. In it, we will review documenting findings, and mapping them to recommendations. \\n \\nJoe Klein, CISSP is Senior Security Consultant at Honeywell and a member of the IPv6 Business Council. He performs network, application, web-application, wireless, source-code, host security reviews and security architecture design services for clients in the commercial and government space \\n \\nPrior to joining Honeywell, Joe worked as a consultant performing attack and penetration assessments for many significant companies in the IT arena. While consulting, Joe also taught "Hacking and Incident Handling", "IDS/IPS management" and "Managing Network Security" at a local college in Jacksonville Florida. \\n \\nHe regularly speaking at conferences including Defcon, InfoSecWorld, PhreakNic and regional meetings including Infragard, ASIS and ISSA.>'