Which of the following is the next best countermeasure against social engineering after awareness training?
A. Implement multi-factor authentication
B. Update the disaster recovery plan
C. Restrict the flow of information through the use of security labels
D. Obtain a certification by taking an exam
The correct answer is C.
Domain: 2.4. Awareness is the best countermeasure against social engineering, but that awareness comes from training based on established company policies regarding the control and flow of information. Thus, the next best countermeasure is restricting the flow of information through the use of security labels. Awareness is best because social engineering is an attack against people, so the best defense is improving the knowledge and skepticism of employees. Company policies are used to perform this training, but the policies themselves are worthless if they are not used as a basis for training.