Maintaining an onboarding and annual security awareness program is the best way to prevent social engineering incidents because it can educate the users about the common techniques and tactics used by social engineers and how to avoid falling victim to them. Ensuring user workstations are running the most recent version of antivirus software, including security responsibilities in job descriptions and requiring signed acknowledgment, and enforcing strict email security gateway controls are all good security practices, but they do not directly address the human factor that is exploited by social engineering. References:
ISACA, CISA Review Manual, 27th Edition, 2020, p. 3671
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit