Track: Cyber Security
Abstract
The case study entitled “Social Engineering Attack Awareness and Prevention Training” is focused on improving the security for a diving business. In recognizing the importance of tourism to the economy of the Philippines, the business was chosen with the goal of proposing an information security plan to help the business better their current state of security. The proponents of the study conducted an online interview with a representative of the company for the main purpose of acquiring information regarding the nature of the business and their current information security system. Analyzing the interview, it was determined that the business greatly lacked the appropriate measures and knowledge when it came to social engineering threats. Thus, it was decided that a social engineering security training program was the optimal route in improving the overall security of the company. After gathering information from various professional organizations, individuals, and websites on the Internet, the training program – sharing the same name as the case study – was designed to take place over the course of three days. In those three days, the training program introduces what social engineering attacks are, how to identify and prevent them, and how to develop a business recovery and continuity plan. Through this, the company should be knowledgeable and prepared for threat actors seeking to harm the business with the use of social engineering attacks.