Capella University
Abstract
Social engineering is when a professional hacker hacks humans, while an amateur uses social engineering to hack computers. The professional hacker hacks humans by using various forms of psychological manipulation to get the needed information, which can help them get access to the
This paper describes the analysis of the effect of social engineering on network security. The paper will evaluate the strategy and procedures for minimizing the effect of social engineering in an international organization. This paper will review the topics on quality of service
Table of Contents
Cover Page
Abstract
Table of Contents
Introduction/Body
Conclusion
References
SOCIAL ENGINEERING AND QUALITY OF SERVICE 4
Introduction
In social engineering, a professional hacker hacks humans, their victims, by gathering information for the baseline attack and determining the ways and means for their attack procedures. In information gathering, they want to know the weakest link in the targeted victim's defenses, be it the organization's entry points, the weak links in the organization's security procedures, or the access points for getting sensitive information. Social engineering is like the best form of acting, with an actor or actress role-playing a character in the script of a TV show or movie. Before attackers strike using social engineering, they spend a lot of time studying their victims and gathering information to win their victims' trust by blending in with the crowd.
Incapsula states that, to get victims to let their defenses down, a professional hacker operates through mental manipulation vectors that get the victim to fall for a careless attack, a comfort zone attack, a helpful attack, or a fear attack. In the helpful attack, attackers manipulate the targeted victim's helpful nature, the constant desire to help others or to put themselves out there for anyone in need, and they exploit that nature and desire to be helpful. They also manipulate the targeted victim's comfort-zone mentality into letting their guard down, which makes it easy for the victim to fall for the attacker's social engineering. When the victim is in a trusted relationship with the attacker, the attacker hacks the victim in their careless zone, where they can divulge sensitive information for the attacker to use in the hacking process. Attackers also exploit the fear mentality of the targeted victim with methods such as false pretense and putting pressure on the victim to get the information. Since the professional hacker is hacking the targeted victim's mentality and behavior without the victim actually realizing that he or she is an active participant in network system security breaches and they are being
How does social engineering affect the network system security of an international organization?
Gulati (2003) shares in his review that social engineering is a threat and discusses what your best solution can be. When an international organization falls victim to network system security breaches, its goodwill and reputation are lost through the theft of sensitive customer or client information, and it ends up paying for that loss through legal litigation. Companies and international organizations spend billions on network system security devices and technologies for security and protection. Yet the greatest network system security threats are not an unpatched application or operating system, malicious code injected into network traffic packets, or a badly configured firewall; the greatest threats are the workplace personnel at the international organization, since these personnel can be deceived more easily than network system technology. Several social engineering attack approaches affect network system security. In the direct method, the attacker calls an employee and uses impersonation to get an ID or to troubleshoot a computer problem for the employee, who does not realize the deceit and manipulation: the attacker uses social engineering to play on the employee's desire to be helpful in troubleshooting the computer system. There is also dumpster diving and snooping, where an attacker can use a letterhead sheet of paper of the international organization which they got from
to the employees communicating the login information over the phone. There are also vulnerability-based approaches used by attackers, such as the Trojan horse and the popup window: the attacker mails a malicious code attachment, which an unsuspecting employee then opens, letting the malicious virus spread in the computer network system, or codes a popup window imitating the operating system or an application with a message that the OS/application is having network connectivity issues which require the employee to log in to the application/OS again to continue their
Also, the attacker can use false pretense to socially engineer a workplace in the guise of an administrator, or it can be a janitor, a cable company worker doing a phone installation, or a cleaning crew working at the premises of the international organization. Gulati (2003) further states that the pretense can also be the voice of a top management executive seeking access to the secure network system. Certain employee character traits can fall prey to this social engineering, which can cause network system security vulnerabilities. With the fear attack, the employee can fall victim to the popup window. With the careless attack, the employee can fall victim to dumpster diving or listening in. Employees with a helpful mentality or character can fall victim to the direct attack, false pretense, or the voice of a top management executive. All of these are behavioral vulnerabilities, which become areas of network system vulnerability in the international organization. There is also the behavioral vulnerability of curiosity or unnecessary web browsing, which falls prey to the Trojan horse attack.
The procedures for mitigating the effects of social engineering on the international organization consist of the following processes, which will reduce the impact. The first is documentation of information security system governance for the international organization. This well-documented governance covers information security management technologies and network security outlines; it also contains a top-down or bottom-up process for maintaining network system security principles. It also contains types of policies such as regulatory requirements, advisory standards, and informative security control measures, as well as types of network system security control policy. The next procedure is awareness among all workers of behavioral vulnerabilities and network system security. There should be continuous network system monitoring and compliance, and an audit policy for reviewing the privileges and permissions of all workers and non-workers. There should be properly institutionalized authentication and identity management, which means the international organization has a unique ID for each worker, and by that unique ID the worker is permitted and verified to access all computer network systems. The network system vulnerability here arises when the one unique ID is used for all authentication and identification methods, since it is the key to all of the workers' personal data. When a cyber attacker gains access to such ID data of all employees of the international organization through social engineering on one employee, he or she can use it to access the organization's network system and the other supporting applications/OS that the employee is using, and has half of the workload already done for him or her. Having different unique IDs, with separate permissions for each ID, for every employee accessing the organization's network system helps minimize the risk and vulnerability of the network system (Gulati, 2003, n.d., p. 8-11).
In addition, Gulati (2003) says that there are organizational network management processes that can be used to mitigate network system vulnerability, such as call-back or cross-verification approaches before any request is granted. There should also be network management backup protection protocols in network system management operations, including insurance protection from a third-party insurance company. This insurance protection is a policy the organization purchases against network system security attacks; the insurance company is very concerned about security controls for human or employee factors, such as internal or external audit processes, HR hiring processes, the kind of information security governance
Quality of service influences the development of an effective network system security architecture, which supports the user and the overall network system distribution system,
Cynthia (n.d.) states that the QoS mechanism influences the effective network system security architecture by ensuring reliable access to network system services through efficient resource allocation and utilization. In an effective network system security architecture, QoS provides resource usage control by user load and by the terminals configured for the network system, through which the end user's expectations of computation services for appropriateness and performance quality are met. With a QoS mechanism in the network system, the architecture handles any service-level requests in terms of soft and hard requirements (Cynthia, Timothy n.d., p. 1-3).
References
Capella University. (2019). Courseroom, unit 6, social engineering and quality of service. Date retrieved 02/15/2019, https://courserooma.capella.edu/webapps/blackboard/content/listContent.jsp?course_id=_162482_1&content_id=_7268977_1&mode=reset
Gulati, R. (2003, n.d). The Threat of Social Engineering and Your Defense Against It. Date
room/whitepapers/engineering/the-threat-of-social-engineering-and-your-defense-against-it-1232
Irvine, C., and Levin, T. (2000). Toward Quality of Security Service in a Resource Management
Cancun, Mexico,
Cynthia I., Timothy L. (n.d.). Quality of Security Service. Date retrieved 02/15/2019, https://csrc.nist.gov/csrc/media/publications/conference-paper/2000/10/19/proceedings-of-the-23rd-nissc-2000/documents/papers/202i.pdf
https://www.incapsula.com/web-application-security/social-engineering-attack.html