how can ideas from the identity management lifecycle be applied to helping an organization's workforce,at all levels, defend against sophisticated social engineering attack attempts? ( choose all that apply)

Transcribed Image Text:

A B с D 0 0 Contact requests by email, by phone, in person, or by other means are akin to access attempts, and they can and should be accounted for. Most end users may have significant experience with the routine operation of the business systems and applications that they use; this can be applied, much like identity proofing, to determine whether a suspected social engineering attempt is taking place. Most end users and their first-level supervisors have the best, most current insight as to the normal business rhythm, flow, inputs, and outcomes. This experience should be part of authenticating an unusual access request (via email, phone, in person, or by any means). Users think that they know a lot about "business normal," but they tend to know only the narrow scope of their jobs and responsibilities; this does not equip them to contribute to detecting social engineering attacks.