# Social Engineering and Insider Threats

Backlink: [[Domain 1 - Index]]

**Definition:** Human-centric attacks that manipulate trust, and the risks posed by insiders (malicious or negligent).

## Key Facts

- Techniques: phishing, vishing, smishing, pretexting, tailgating, baiting.
- Insider types: malicious, negligent, compromised.
- Controls: training, strong authentication, monitoring/DLP, separation of duties (SoD).
- Joiner–Mover–Leaver (JML) processes reduce residual access.
- Behavior analytics and reporting channels support detection.
- **Verify:** check the official (ISC)² CBK and the current exam outline.

> [!tip] **Exam Relevance**
> - Choose controls against insider misuse
> - Recognize social engineering pretexts

> [!note] **Mnemonic**
> - "People are the Pivot."

### Example

Q: An employee downloads a large volume of data at midnight. What is the first step?

A: Investigate with monitoring evidence; consider insider risk.

## Revision Checklist

- [ ] List 4 social engineering methods
- [ ] Name 3 insider controls
- [ ] Explain the JML process
- [ ] Include vendor insider considerations

## Related

[[Security Awareness and Training]] · [[Third-Party and Supplier Risk Management]] · [[Security Control Types]] · [[Incident Response Lifecycle]] · [[Data Retention and Destruction]]

#cissp #domain-1 #concept