ELECTIVE COURSE -> not offered every semester
Learning objectives:
The participants
understand how social engineering works, not only on a technical but also on a psychological level.
know the different phases of a social engineering attack.
are able to name, analyze and evaluate different attack vectors.
are able to recognize social engineering by means of technical and organizational measures and to develop and implement countermeasures.
can conceptualize, implement and evaluate the success of security awareness training.
can apply methods from IT auditing to carry out appropriate tests for the existence and effectiveness of controls and employee awareness of social engineering.
Course content:
Theoretical basics of social engineering (definition, how it works, human behavior, attack vectors)
Embedding social engineering in the IT security management of companies (e.g. security incident process)
Presentation of concrete social engineering attack vectors (e.g. e-mail phishing, attacks via telephone, distribution of USB sticks, physical access attempts)
Using "The Social-Engineer Toolkit" to carry out social engineering penetration tests
Measures to detect social engineering (e.g. spam filters, anti-malware, security awareness, authentication)
Measures to prevent social engineering (e.g. security awareness, technical solutions)
Approaches to testing security awareness in companies
Transfer of practical experience