<Li> Strategic Planning: to come up a better awareness - program, we need to set clear targets . Clustering people is helpful to achieve it . </Li> <Li> Operative Planning: we can set a good security culture based on internal communication, management - buy - in, and security awareness and training program . </Li> <Li> Implementation: four stages should be used to implement the information security culture . They are commitment of the management, communication with organizational members, courses for all organizational members, and commitment of the employees . </Li> <P> All social engineering techniques are based on specific attributes of human decision - making known as cognitive biases . These biases, sometimes called "bugs in the human hardware", are exploited in various combinations to create attack techniques, some of which are listed below . The attacks used in social engineering can be used to steal employees' confidential information . The most common type of social engineering happens over the phone . Other examples of social engineering attacks are criminals posing as exterminators, fire marshals and technicians to go unnoticed as they steal company secrets . </P>

What is one of the key components involved in almost all social engineering attacks