11.8. Summary

This chapter has taken the focus away from the attacker to look at some of the ways you can think about protecting against the attacks described in this book. From that perspective there's a reasonable amount of overlap with Chapter 10, where the discussion revolved around the formal documentation of a security policy. The areas covered in this chapter include:

  • Understanding the Sources of Information Exposure – Many of the information leaks an organization suffers are inadvertent, though many are not. Knowing where you're weak and mitigating those areas is critical. Examples given include limiting the information published on corporate websites and educating staff to limit the exploitable information they post about themselves on the Internet.

  • Mitigating the Threat of Social Engineering Attacks – Understanding the threat and educating staff is the key. Staff should recognize the value of even seemingly innocuous information in the hands of an attacker and be able to recognize potential social engineering attacks.

  • Reducing the Risk of Electronic Monitoring – Electronic monitoring (also known as bugging) can be detected in a number of ways, and the chapter covers several of them.

  • Engaging a Penetration Testing Team – Penetration tests, both physical and electronic, are highly recommended for gaining an insight into your current security position. Be warned, though, that testing teams are not equal in experience or competence.

  • Baseline Security – These are things you really have to tie down ...
