Social engineering policy: identity verification

 

Being aware of how attackers use pretexting to gather information, you need to write a policy describing the procedures our fictitious company will use to verify the identity of those requesting information. 

Part A:

Using ONLY your readings for this week as well as the videos and supplemental reading on how attackers use pretexting to gather personal information, what specific items do you think should be considered in writing a policy for identity verification?  

Part B:

Write a policy describing the procedures your fictitious company will use to verify the identity of those requesting information.  Be sure to include all the various means of communication within your company: in-person, via telephone, and via e-mail.  Do not forget that the policy should take into consideration the unique features of your scenario as well as your answers to Part A.