The paper I will be writing is entitled The Severity of Social Engineering. This paper will begin by breaking down the definition of severity as per the industry standard.   Companies such as SANS have developed security models such as the SANS Top 20 Cyber Security Risks.  SANS looks at various aspects including client-side vulnerabilities, internet-facing web site vulnerabilities, Zero Day vulnerabilities, etc.  This paper will look at what aspects are used to determine the severity of attacks to develop a definition of what the industry looks at to define severity.

The industry does not have an official definition for social engineering; therefore, this paper will look at the loose definitions of social engineering and develop a definition that can be used in the industry.  Social engineering has been around as long as social interactions have existed.  Attackers use human interaction techniques to persuade others into doing things for the attacker and/or providing information to the attacker.

With many human interactions now done online, social engineering attacks have been exceedingly prevalent around the internet.  This paper will then apply the definition of social engineering to the definition of severity and determine whether or not social engineering will be in the top cyber attacks in the immediate future.   This paper will also provide some recommendations on how to combat these attacks.

General