Non-traditional sources are less obvious and often overlooked information sources. It’s possible they can provide data that a corporate security awareness program wouldn’t or couldn’t take into account.
List of Sources
The following list covers some non-traditional sources:
- Industry experts or subject matter experts (SME) can provide detailed information about an area without providing anything regarding the target company. If the industry is somewhat standardized then the data can be overlayed and compared against the target to reveal possible vulnerabilities to SE.
- “When in Rome, do what the Romans do”. Engaging in activities or frequenting places that employees from the target company also do/visit is an excellent opportunity to elicit information. Proximity to the employees provides opportunities for conversation, eavesdropping, or possibly even covert cloning of RFID cards.
- Dumpster diving is a well documented vector for gathering information.