mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-11 18:13:43 +03:00
31 lines
1.4 KiB
Markdown
31 lines
1.4 KiB
Markdown
# Standards and References: Social Engineering Pretext Call
|
|
|
|
## MITRE ATT&CK Techniques
|
|
- **T1566.004** - Phishing: Voice (Vishing)
|
|
- **T1598** - Phishing for Information
|
|
- **T1598.003** - Phishing for Information: Spearphishing Voice
|
|
- **T1589** - Gather Victim Identity Information
|
|
- **T1589.001** - Gather Victim Identity Information: Credentials
|
|
- **T1589.002** - Gather Victim Identity Information: Email Addresses
|
|
- **T1591** - Gather Victim Org Information
|
|
- **T1591.004** - Gather Victim Org Information: Identify Roles
|
|
- **T1593** - Search Open Websites/Domains
|
|
|
|
## NIST References
|
|
- **NIST SP 800-50** - Building an IT Security Awareness and Training Program
|
|
- **NIST SP 800-53 Rev. 5** - AT-2: Literacy Training and Awareness
|
|
- **NIST SP 800-53 Rev. 5** - AT-3: Role-Based Training
|
|
- **NIST SP 800-115** - Section 3.3: Social Engineering
|
|
|
|
## Legal Frameworks
|
|
- **Computer Fraud and Abuse Act (CFAA)** - Authorization requirements
|
|
- **GDPR Article 6** - Lawful basis for processing (if recording EU citizens)
|
|
- **State wiretapping laws** - One-party vs two-party consent states
|
|
- **Telecommunications Act** - Caller ID spoofing regulations (47 U.S.C. 227)
|
|
|
|
## Industry Standards
|
|
- **PTES** - Social Engineering section
|
|
- **OSSTMM** - Human Security Testing module
|
|
- **CREST** - Social Engineering guidelines
|
|
- **SE Code of Ethics** - Social engineering testing ethical standards
|