Abstract
Social engineering is a method of breaching computer and information security through the manipulation of an institution's staff members. This method has become increasingly relevant as computer based (or technical) security has become more advanced. By targeting the human element, social engineering voids any technical protections leaving even well-secured computer networks vulnerable. The defense against social engineering is to address the same path which the social engineers are exploiting, the human element. This can be addressed through the establishment of defensive information policies which give staff members the information that they need to prevent social engineering attacks from succeeding.