Ann, an employee, is cleaning out her desk and disposes of paperwork containing confidential customer
information in a recycle bin without shredding it first. This is MOST likely to increase the risk of loss from which
of the following attacks?
Dumpster diving is looking for treasure in someone else’s trash. (A dumpster is a large trash container.) In the
world of information technology, dumpster diving is a technique used to retrieve information that could be used
to carry out an attack on a computer network. Dumpster diving isn’t limited to searching through the trash for
obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocent
information like a phone list, calendar, or organizational chart can be used to assist an attacker using social
engineering techniques to gain access to the network. To prevent dumpster divers from learning anything
valuable from your trash, experts recommend that your company establish a disposal policy where all paper,
including print-outs, is shredded in a cross-cut shredder before being recycled, all storage media is erased, and
all staff is educated about the danger of untracked trash.