Author: Kevin Mitnick
ISBN No: 0471237124
Review date: 13/12/2025
No of pages: 363
Publisher: John Wiley & Sons
Year of publication: 11/09/2012
Brief:
American cyber-criminal Kevin Mitnick, out of US jail, has gone straight by writing The Art of Deception: Controlling the Human Element of Security.
He asks: is your organisation security-aware enough to deny a smooth-talking conman (or vengeful former employee), who is out to learn your passwords, accounting codes and other assets? Written breezily, this covers phoney websites, ‘social engineering’ – that is, tricking low-level staff over the ‘phone – and industrial espionage. As he says: ‘Much of the seemingly innocuous information in a company’s possession is prized by a social engineering attacker because it can play a vital role in his effort to dress himself in a cloak of believability.’ In other words, after a couple of calls to get internal phone numbers, in-house abbreviations and the like, someone with the gift of the gab can get his hands on sensitive company details – like a company directory. That’s handy for head-hunters out to poach your best staff, or the competitive intelligence trade out to pinch your customers. Mitnick says: ‘Your company has a responsibility to make employees aware of how a serious mistake can occur from mishandling nonpublic information. A well-thought-out information security policy, combined with proper education and training, will dramatically increase employee awareness about the proper handling of corporate business information.'<br><br>
The Art of Deception: Controlling the Human Element of Security, by Kevin Mitnick.
