Certified Information Security Manager (CISM) Practice Exam

Question: 1 / 400

What is the manipulation of staff to perform unauthorized actions known as?

Phishing

Social engineering

The manipulation of staff to perform unauthorized actions is best identified as social engineering. This term encompasses a range of tactics aimed at deceiving individuals into divulging confidential information or undertaking actions that compromise security. Social engineering exploits human psychology, often leveraging scenarios that create a sense of urgency, fear, or trust to manipulate individuals.

This method can include techniques such as pretexting, where an attacker presents a fabricated identity to gain sensitive information, or baiting, which lures individuals into taking actions that could harm security. By understanding the psychological and social aspects that prompt individuals to comply, social engineers can effectively bypass traditional security measures.

In contrast, other terms like phishing specifically refer to deceptive emails or messages designed to trick recipients into revealing personal information. Trojan activity pertains to malware disguised as legitimate software to infiltrate systems, while insider threat involves malicious actions taken by individuals within an organization who misuse their access to cause harm or extract sensitive information. Social engineering, thus, is the umbrella term that encapsulates these manipulative strategies effectively.

Trojan activity

Insider threat
