Social engineering encompasses techniques attackers use to manipulate people into revealing confidential information or granting unauthorised access. Common methods include phishing, pretexting, tailgating, and baiting. These attacks exploit human traits such as helpfulness, deference to authority, and time pressure. You counter social engineering primarily through regular awareness training and phishing simulations. In an ISMS, social engineering is relevant both as a threat category in the risk analysis and as a focus area in the training programme.