Humans are the weak link in any corporation’s carefully crafted security perimeter. That’s the prevailing theme of Kevin Mitnick’s new book, The Art of Deception: Controlling the Human Element of Security (Wiley, October 2002), in which he shares stories of "social-engineering" hacks that involve everything from fake phone calls to dumpster-diving to illustrate how a dedicated and wily hacker can use human fragility and carelessness to crack a network.

Although CIOs may quickly tire of tales highlighting the boundless bravado of hackers, the book does offer some good advice on hardening your employees against such exploits. Mitnick recommends that companies encourage employees to adhere to the following security guidelines.

- Do not give out any personal or internal company information to anyone, unless his or her voice is unquestionably recognized and he or she has a need to know.
- Never disclose your password or any information about your password.
- Do not download, open or respond to e-mails and files from any unknown source.
- When in doubt (whether verifying a request for information or opening a file), ask for guidance from the security group.
- Do not judge a book by its cover. Just because a caller knows the corporate structure and lingo, sounds authoritative or looks the part, doesn’t mean she is for real. It’s acceptable and expected to challenge authority when there’s a security risk at stake.
- Do not transfer files to people you don’t know, even if the destination appears to be within company boundaries.