A Proposed Multi-Layer Defense Model Against Social Engineering Attack

With the development of IT technology, in modern society, IT security has become an important reliance to the information security and privacy. Although there are a number of security approaches, such as firewall and intrusion detection system, which can be used to protect the machines from being attacked, there is a lack of widely accepted mechanism to prevent machine users from fraud. Social engineering is the attack meaning smooth communicating with victim to reveal valuable information in order to bypass the secure perimeter in front of the information-related resources. In this book, a novel taxonomy of social engineering attacks is proposed in order to understand the concept of the social engineering and gain insight of the representative social engineering attacks through applying the taxonomy to them. Furthermore, a multi-layer social engineering defense model is proposed to deal with the threats brought by the social engineering attacks. In each layer, different mechanisms are proposed respectively to facilitate the defense against various social engineering techniques in order to effectively protect information-related resources and guarantee IT security.