Social Engineering Portal
on 2 January 2012
A book containing the entire body of knowledge pertaining to Social Engineering is going to run to several volumes. It's such a wide subject encompassing a huge variety of topics that a single volume just isn't going to be able to cover them all in inordinate detail; even Microsoft canned Encarta when the Internet took off :). I therefore picked up this book hoping to gain an oversight into the field of Social Engineering, learn the most important aspects of it, and hopefully pick up some references for future study. It delivered on my expectations in spades.
It first establishes the framework of social engineering, something that I think is incredibly important. Yes, you can learn individual elements but without understanding where they sit in a framework (where they are most prudent, what inputs you need and what outputs you can expect) you limit your overall effectiveness as/understanding of a social engineer. It then proceeds to take you through each of the elements in turn, delivering a precis and expanding on specific salient points. Every section is accompanied with copious references for further research and it's clear that the author is intimately familiar with his material. Moreover, it's also clear that he has a passion for the subject matter and this comes across well in the book.
Although written in a slight slant towards penetration testing, the author goes to great lengths to point out that in order to defend against something you need to understand how, where, and when someone will attack. It's something of an Infosec pastiche, but the Sun-Tzu quote "Know thine enemy better than one knows thyself" certainly applies here. As someone on the defence side, this book is invaluable in understanding how someone may use these techniques against us and should be a mandatory read for anyone tasked with creating an infosec program that really works.