Page 25 - Accelerating Sales in Cisco Content Security - ASCCSv9
Supporting Student Notes:
• It's not just the data and applications you cannot trust – you can't trust the other users either
• The 1st social engineering technique is the use of spam, including URLs
• SPF = Sender Policy Framework: a mechanism to identify valid sender IP addresses from the sender’s DNS records
(using a TXT record)
• DKIM = DomainKeys Identified Mail: a mechanism to digitally sign emails to ‘prove’ the originating domain (using
public key cryptography)
• Supporting Point 1: Leakage through email
• Supporting Point 2: Inappropriate emails and social network postings
• Supporting Point 3: Breaching privacy by using clear-text emails
Comments:
Data loss, also referred to as data leakage, has become a significant issue for organizations today, especially with GRC
and compliance in mind. Organizations need to consider outbound email, both accidental and malicious, as part of their
security posture. Similarly, the capability to meaningfully enforce encryption policy is a concern. And we need to encrypt
in a user-friendly way for both smartphones and other mobile devices. For inbound email, attackers have become craftier
over the years. Forged emails that appear to come from legitimate companies have become nearly undetectable. No amount of training
can keep users from opening email from senders they know and clicking on email links for resources they trust.