- Ian Mann
Information security is about people, yet in most organizations protection remains focused on technical countermeasures. The human element is crucial in the majority of successful attacks on systems, and attackers are rarely required to find technical vulnerabilities; hacking the human is usually sufficient.
Ian Mann turns the black art of social engineering into an information security risk that can be understood, measured and managed effectively. The text highlights the main sources of risk from social engineering and draws on psychological models to explain the basis for human vulnerabilities. Chapters on vulnerability mapping, developing a range of protection systems and awareness training provide a practical and authoritative guide to the risks and countermeasures that are available.
There is a singular lack of useful information for security and IT professionals regarding the human vulnerabilities that social engineering attacks tend to exploit. Ian Mann provides a rich mix of examples, applied research and practical solutions that will enable you to assess the level of risk in your organization, measure the strength of your current security and enhance your training and systemic countermeasures accordingly. If you are responsible for physical or information security or the protection of your business and employees from significant risk, then Hacking the Human is a must-read.
Contents: Introduction; Part One The Risks: What is social engineering?; Understanding your risks; People, your weakest link; Limitations to current security thinking. Part Two Understanding Human Vulnerabilities: Trust me; Reading a person; Subconscious mind; Parent, Adult, Child. Part Three Countermeasures: Vulnerability mapping; Protection systems; Awareness and Training; Testing. Index.
About the Author: Ian Mann is Senior System Consultant with ECSC Ltd (www.ecsc.co.uk), a specialist information security consultancy. Ian has worked with a wide range of companies, including a number of leading financial institutions, to help them understand the risk from attacks by social engineers, and to develop effective countermeasures. He is also known for his presentations on the subject.
Reviews: 'Identity theft is a daily occurrence, and Ian reminds us all that the strongest doors and technical controls are of little use if we do not ensure that the person we are dealing with is who they claim to be. His dry sense of humour lightens the theory which helps the reader understand why criminals utilise such tactics, and how we are pre-programmed to fall for them. The content redresses the balance by examining an area of security which is often overlooked – you and me!
Hacking the Human takes a refreshing look at security, and is a good read for all security professionals, a must for security awareness trainers, and also provides a useful grounding for anyone setting out on a career in information security, providing numerous examples of exploits which occur on a daily basis. It is very comprehensive and offers practical solutions to avoiding the pitfalls.'
– Pat Watson, Information Security Officer, Gateshead
'Full of ideas and angles that turn day-to-day security management on its head. For years the security business has ground away at technical issues that company boards don't understand...this book lays open the reality of 'real' security – the security that the CEO understands and worries about.'
– Jon Pumfleet, Head of Information Security, Threadneedle
‘The subject matter of Hacking the Human is varied and at times dense, ranging from magic and mind-reading tricks to neurolinguistic programming, transactional analysis, and personality profiling. The book, however, is engaging and readable. Overall, this text is a detailed primer as well as a solid reference source and starting point for further research. In a fundamental way, this book is analogous to a lock picking manual for the human brain. It is an indispensable resource for security professionals regardless of speciality.’
– William Stepka, CPP, Security Magazine
Extracts from this title are available to view:
Full contents list and list of figures
Chapter 3 - People, your weakest link