Social engineering is a term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information. The attacker creates a situation or pretext, such as impersonating a trusted entity, to deceive a victim into divulging confidential data like credentials or financial information. This method exploits human trust and error rather than technical system vulnerabilities. Within an ISO 27001 framework, controls like information security awareness, education, and training (A.6.3) are implemented specifically to mitigate the risks posed by social engineering attacks.

A. This describes literal event planning within a company and is unrelated to the information security concept of manipulation for information gain.

C. This refers to corporate social responsibility (CSR), which involves community outreach and has no connection to security threats or deception.

1. Krombholz, K., Hobel, H., Huber, M., & Weippl, E. (2015). Advanced social engineering attacks. Journal of Information Security and Applications, 22, 113-122. In Section 1, Paragraph 1, the paper defines social engineering as attacks that "directly target the human user in order to retrieve sensitive information." DOI: https://doi.org/10.1016/j.jisa.2014.09.005

2. MIT OpenCourseWare. (2014). 6.858 Computer Systems Security, Fall 2014. Lecture 19: Web Security. Massachusetts Institute of Technology. The lecture notes define social engineering as an attack that "tricks a legitimate user into misusing their authority," which aligns with gaining confidential information through deception.

3. Mouton, F., Leenen, L., & Venter, H. S. (2016). Social Engineering Attack Detection Model: A Literature Review. In Information Security South Africa (ISSA), 2016 (pp. 1-8). IEEE. The paper's introduction (Section I) states, "Social engineering is the art of manipulating people into performing actions or divulging confidential information." DOI: https://doi.org/10.1109/ISSA.2016.7802920