Social engineering
Employee behavior can have a big impact on information security in organizations. The attacks used in social engineering can be used to steal employees' or client confidential /priviledged information.
Social engineering is the manipulation of people (fraud) for the purpose of disclosing their confidential information or gaining access to some other resources which the manipulator could not otherwise reach to. Manipulators or the attackers use this technique to perform a successful attack because is not necessary to penetrate into the user's security protection, exploit the weakness of the user’s software, etc.
Controls in the field of social engineering are arranged directly with the user in order to include various elements of spatial, organizational and general security of information systems and select areas with the biggest business risks.