In a social engineering scenario, which of the following will MOST likely reduce the likelihood of an unauthorized
individual gaining access to computing resources?

A.
Implementing on-screen masking of passwords

B.
Conducting periodic security awareness programs

C.
Increasing the frequency of password changes

D.
Requiring that passwords be kept strictly confidential

Explanation:

Social engineering can best be mitigated through periodic security awareness training for users who may be the target of such an attempt. Implementing on-screen masking of passwords and increasing the frequency of password changes are desirable, but these will not be effective in reducing the likelihood of a successful social engineering attack. Requiring that passwords be kept secret in security policies is a good control but is not as effective as periodic security awareness programs that will alert users of the dangers posed by social engineering.