The topic of social engineering is only covered briefly in today's system administration and security coursework. This lack of coverage leaves many administrators ill-equipped to administer the users of a computer network. In addition to their technical training, administrators need to comprehend the potential severity and likelihood of social engineering attacks. Teaching administrators only to minimize the risk of hacking attempts or computer virus infections does not fully equip them with the knowledge needed to defend their networks. To ensure the safety of their network from social engineering attacks, administrators need to be able to answer three primary questions:

* How can administrators look for and identify a social engineering attack?
* How can administrators properly train users to ensure they do not become the network's weakest security link?
* How can administrators test their protection methods to ensure the risk of social engineering attacks is sufficiently mitigated?

This thesis attempts to answer these questions, devise a training workshop template administrators can present to their users, and present a base set of audit guidelines administrators can employ to ensure their attack prevention methods are effective.

Library of Congress Subject Headings

Computer networks--Security measures; Social engineering

Publication Date


Document Type


Student Type


Degree Name

Networking and System Administration (MS)

Department, Program, or Center

Information Sciences and Technologies (GCCIS)


Johnson, Daryl

Advisor/Committee Member

Lutz, Peter

Advisor/Committee Member

Stackpole, Bill


Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works in December 2013.


RIT – Main Campus