final_Vanisree

docx

School

Webster University *

*We aren’t endorsed by this school

Course

5130

Subject

Civil Engineering

Date

Feb 20, 2024

Type

docx

Pages

20

Uploaded by ProfessorRabbitMaster35

Report
CSSS 5180 Social Engineering Webster University Professor: Zelalem Mengistu Final Exam Name: Peddi Vanisree Student ID: 4224067
Discuss the art and method of   Influence and Manipulation . How are each applied to a social engineering plan?   What is the difference between the two?   Which method is more effective (give examples of circumstances/settings to be applied)? Influence and manipulation are two powerful methods that are utilized in the practice of social engineering, which is a strategy that takes advantage of people's natural psychological tendencies to exert control over individuals or groups for several purposes. To have a working knowledge of the inner workings of social engineering, one must be well-versed in the arts and sciences of manipulation and the art of persuasion ( Cialdini, 2009). T his essay tries to investigate these concepts in further detail, evaluate how they relate to social engineering schemes, point out how they are distinct from one another, and provide examples and settings in which each strategy might be successfully applied. 1. Influence: The capacity to shape or modify another person's views, opinions, or actions by using persuasion and persuasive arguments is what we mean when we talk about having influence. It is based on establishing a rapport with the individual or group you are trying to influence, as well as acquiring their credibility and trust. The art of persuasion entails putting out ideas or propositions in a manner that addresses both the rationality and the sentiments of the audience. It applies the ideas of social proof, authority, liking, consistency, and reciprocity to persuade individuals to take the desired action ( Cialdini, 2009) . 2. Manipulation On the other hand, manipulation involves employing ways that are more covert and dishonest to exercise control or influence over other people. It frequently takes use of people's flaws or vulnerabilities to compel them in the direction of a specified goal without their knowledge or approval, and it does this by exploiting such flaws or vulnerabilities to gain an advantage. Deception, coercion, making use of cognitive biases, and emotional manipulation are
some of the psychological strategies that are commonly utilized in manipulation techniques. Other techniques include using cognitive biases ( Cialdini, 2009). The difference between influence and manipulation is that manipulation is characterized by dishonesty and a goal to advance the interests of the manipulator at the expense of the target. 3. The application of social engineering: When it comes to achieving certain objectives in social engineering, influence and manipulation are two key tools that are essential to use. The following are some examples that illustrate how each strategy can be applied: 1. Influence in social engineering: a. Building rapport and trust: Social engineers may spend time cultivating rapport and trust with their targets to increase their credibility and the possibility that their targets would comply with their requests. b. Methods of persuasion: Influence is based on the art of persuasion, which makes use of techniques such as emotional appeals, logical reasoning, and the presenting of convincing arguments. c. Social proof and authority: To influence people's judgements, social engineers may take advantage of people's tendency to emulate the behaviors or recommendations of those they regard to be experts or renowned personalities ( Cialdini, 2009). This is one method that social engineers use to influence people's opinions. d. Consistency and commitment: Influencers may utilize methods that prey on people's need for consistency and dedication. These strategies may include seeking small initial commitments that lead to larger ones later.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
2. Manipulation as it relates to Social Engineering: a. Taking advantage of people's cognitive biases Manipulators employ cognitive biases including the scarcity effect, anchoring bias, and confirmation bias to affect the decisions that people make. b. Emotional Manipulation: Manipulators use emotional methods like fear, guilt, or empathy to coerce their targets into complying with their requests or giving sensitive information. This is done so that the manipulators can achieve their goals ( Cialdini, 2009). c. assaults using social engineering, often known as tricking individuals in order, to obtain sensitive information or gain illegal access: these kinds of assaults involve fooling people. Impersonation, phishing emails, and pretexting are some examples of these types of scams. d. Taking advantage of positions of authority or mimicking recognized figures: Manipulators may employ this tactic to coerce their targets into acquiescing to their demands or obeying them. 4. Effectiveness and Examples: The conditions and the outcomes that are intended will be the primary factors in determining the level of success that can be achieved through manipulation or persuasion ( Cialdini, 2009). Both strategies have the potential to yield outcomes, but the ethical considerations involved in pursuing either one is very different. The following are some examples: 1. Influence: a. In the context of making a sale, a persuasive salesperson can convince a potential customer to make a purchase if they earn the potential customer's trust and provide sound reasons for their position.
b. Giving a speech in front of an audience: An audience might be encouraged and inspired by a compelling speaker who delivers an interesting and convincing speech. 2. Manipulation: Attacks on cybersecurity: a. Hackers may use deceptive methods to their advantage, such as sending phishing emails that deceive recipients into clicking harmful links or exposing personal information. b. Covert operations: Manipulation is utilized rather frequently in the field of intelligence. Utilize clandestine methods like gathering information or conducting covert operations to coerce your targets into divulging sensitive information ( Cialdini, 2009) . In conclusion, the components of social engineering that are most important are influence and manipulation. Influence is the art of swaying individuals to act in a way that is beneficial to oneself or one's organization using persuasion techniques and arguments that are convincing. Manipulation, on the other hand, relies on deceptive methods to secretly manipulate and exploit targets. The efficacy of each strategy is impacted by the circumstances as well as the ethical problems involved. By gaining an understanding of these concepts, one will be able to recognize social engineering frauds sooner and better defend themselves, contributing to the creation of a more secure setting.
Outline the structure of   Mitigation and Prevention Plan (MAPP) .   Discuss each of the four steps and   discuss your perspective of the benefits and value of implementing a MAPP in an organization. A Mitigation and Prevention Plan (MAPP) is a document that specifies the steps that an organization will take to mitigate and prevent security incidents. This document may also be abbreviated as MAPP. When it comes to security, taking a preventative stance can be of great assistance to companies in warding off potential threats ( Nolting, 2023) . A MAPP consists of the following four steps: The first thing that must be done is to make a list of the dangers that the company is up against. One method for accomplishing this is to carry out a risk assessment, the results of which will point out the dangers and weak spots that are faced by the firm. Consider the consequences of the risks. After the risks have been uncovered, it is necessary to evaluate them according to the likelihood of their occurrence and the severity of their consequences ( Nolting, 2023) . Because of this, the company will be able to prioritize the risks and put more of its attention on the ones that are the most dangerous. Develop strategies for risk reduction. Following the completion of the risk assessment, the organization needs to work on developing risk reduction initiatives. These solutions ought to be developed with the intention of lessening either the occurrence of the hazards or their severity. Implement mitigation strategies. The very last thing that must be done is to put into action the preventative measures that have been devised ( Nolting, 2023) . It's possible that this will require adjustments to be made to the organization's rules, procedures, or technology.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
There are many advantages to putting in place a MAPP, including the following: Increased security: A MAPP can help to lessen the likelihood of security events as well as the severity of any impact they may have. Cost savings: Because a MAPP helps to prevent security problems from occurring in the first place, it can help to bring down the expenses associated with those occurrences. Compliance can be improved with the use of a MAPP, which can assist businesses in meeting the requirements of various security standards. Enhanced confidence: A MAPP can assist companies in gaining the confidence of their customers, staff, and partners, all of whom are essential to their success. There is no question regarding the benefits of putting a MAPP into action. Organizations could defend themselves from danger and boost their bottom line if they take a proactive approach to security measures ( Nolting, 2023) . The following are some additional considerations to keep in mind when putting a MAPP into action: Acquire the support of top management It is essential to secure the support of top management for a MAPP ( Nolting, 2023) . This will assist in ensuring that the strategy is implemented and that the necessary resources are accessible when they are needed. Involve stakeholders: It is critical to include stakeholders in both the planning stage and the actual execution of a MAPP. This will contribute to the process of ensuring that the plan is thorough and that it satisfies the requirements of the company.
Maintain a current version of the plan: As the organization's risks evolve, the MAPP ought to be brought up to date on a consistent basis ( Nolting, 2023) . This will help to guarantee that the plan is effective in defending the organization and will contribute to its overall success. By adhering to these pointers, companies will be able to put into place a MAPP that will assist them in defending themselves against potential threats. A Mitigation and Prevention Plan (MAPP) is a structured technique that businesses use to identify, assess, and mitigate risks, vulnerabilities, and threats to their operations. This approach is also known as a risk management strategy. It has the goal of proactively minimizing the effect of prospective incidents and preventing them from happening in the first place ( Nolting, 2023) . The MAPP will include the following four primary steps: identification, evaluation, mitigation, and prevention. 1. Identifying the Potential Risks, Vulnerabilities, and Threats to the Organization The first stage in the MAPP is to identify the potential risks, vulnerabilities, and threats that could impact the organization. This includes carrying out a full assessment of the internal and external elements that may represent a risk, such as natural catastrophes, breaches in cybersecurity, disruptions in supply chain, or changes in regulatory requirements ( Nolting, 2023) . To achieve a comprehensive awareness of potential hazards, the process of identification also involves taking into consideration historical data, trends in the business, and the knowledge of industry experts. 2. Evaluation: After it has been determined which risks are there, the following stage is to evaluate how those risks might influence the company. This involves determining the possibility that each risk will materialize, as well as the gravity of the potential outcomes should it materialize ( Nolting, 2023) . Methods of risk assessment, such as qualitative or quantitative analysis, can be utilized to rank hazards in order of likelihood and impact to create a prioritized list of risks. During the assessment phase, companies have a better understanding of which risks
demand immediate attention and are therefore better able to allocate resources in accordance with those risks. 3. Mitigation: Once the business has completed an analysis of the risks, it can establish strategies and preventative measures to lessen the impact of those risks. In this stage, steps are taken to limit the possibility of potential risks occurring as well as their severity by developing action plans and putting control mechanisms into place. The implementation of security controls, the improvement of infrastructure resilience, the development of contingency plans, the regular training and drills, and the establishment of backup systems are all examples of measures that can be used for risk mitigation ( Nolting, 2023) . The objective is to reduce the number of vulnerabilities while simultaneously improving the organization's capacity to react quickly and appropriately to possible incidents. 4. Prevention: The fourth and last component of the MAPP is devoted to preventing potential dangers from becoming actual ones. The goal of prevention methods is to get to the bottom of what's causing potential dangers and then devise and put into action solutions that either eliminate or drastically cut down on the possibility of events happening. Enhancing staff awareness and training, establishing robust cybersecurity measures, engaging in continuous monitoring and improvement efforts, and upgrading organizational policies, procedures, and protocols are all potential steps in this direction ( Nolting, 2023) . The prevention phase places an emphasis on the proactive aspect of the strategy, which enables the company to avoid the possibility of suffering losses or disruptions. Advantages and Advantages of the Value of Implementing a MAPP: Implementing a Mitigation and Prevention Plan comes with several advantages and adds substantial value to a company. These advantages and values are as follows:
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
1. Proactive Approach to Risk Management: The use of a MAPP helps businesses to adopt a more proactive strategy when it comes to risk management. Organizations can increase their overall resilience by reducing the incidence of incidents and the possible effect of those occurrences by detecting potential dangers in advance and taking preventative measures against them. 2. Continuity of Business: The successful execution of a MAPP contributes to the maintenance of business continuity by reducing the amount of time that operations are interrupted. Even in the face of unfavorable occurrences, firms are able to keep their capacity to provide products and services if they first determine their points of vulnerability and then put preventative measures into place ( Nolting, 2023) . 3. Cost-Saving Opportunities Investing in risk reduction and prevention strategies can, in the long run, result in cost-saving opportunities. The costs that relate to downtime, recovery, legal liability, reputational harm, or regulatory penalties can be significantly reduced for an organization if the impact of incidents is avoided or reduced as much as possible. 4. Improved Reputation: An effective MAPP displays an organization's commitment to risk management and the protection of its stakeholders ( Nolting, 2023) . This contributes to an improvement in the organization's reputation. Because of this, its reputation can improve, and it can gain confidence with customers, suppliers, partners, and regulatory agencies. 5. Obligations to Comply with Compliance and Legal Requirements A wide variety of sectors have obligations to comply with legal requirements that are connected to risk management. It is easier for firms to fulfill these commitments and maintain compliance with the necessary legal frameworks and industry standards when they have implemented a MAPP.
Advantage in the Market A comprehensive MAPP can give an organization an advantage in the market by distinguishing it from other businesses in its industry ( Nolting, 2023) . Customers and business partners frequently give firms that have well-established risk management policies a higher priority when it comes to working together. An organization's ability to proactively handle risks, preserve its assets, and increase their overall resilience can all be improved with the implementation of a Mitigation and Prevention Plan. Organizations can reduce their risk by discovering, evaluating, mitigating, and preventing the occurrence of probable incidents.  
Discuss Hagnagy’s concept for a   Social Engineering Code of Ethics .   Outline each of the aspects of the code, discuss the intention of their importance, and provide your assessment for the realism and importance (or lack thereof) of having a Code of Ethics in Social Engineering. The term "social engineering" refers to the process of manipulating individuals or groups for the aim of gaining unauthorized access to private data or influencing the conduct of others for the purpose of committing harmful acts. Instead of depending on technological flaws, it takes advantage of humans the field of psychology, trust, and social connections to get access. Given the potential for social engineering techniques to do harm and be misused, ethical issues play an essential part in establishing acceptable practices in this field (Mitnick, n.d.). In social engineering, the idea of a Code of Ethics seeks to set standards and values that professionals should adhere to during their professional activity. Even though there is no code of ethics that is universally acknowledged for the practice of social engineering, the more general fields of security and data technology frequently give ethical frameworks that can be utilized (Mitnick, n.d.). The following is a list of important topics that are frequently included in ethical codes in relation to social engineering: 1. Informed Consent: Ethical social engineering practices stress how important it is to get people's permission to manipulate or lie to them before doing so. This makes sure that everyone knows the goal, risks, and possible outcomes of the exchange (Mitnick, n.d.) . 2. Behave legally: Practitioners should work within the law and not do things that are against the law, like breaking into systems without permission or stealing data.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
3. Privacy and secrecy: One of the most important parts of ethical social engineering is respecting the privacy and secrecy of people. Practitioners should be careful with any information they get and make sure it can't be seen or heard by people who shouldn't be. 4. Duty of Care: Ethical social engineering has a responsibility to look out for people. Practitioners should think about how their actions might affect others and put the health and safety of the people concerned first (Mitnick, n.d.) . 5. Professionalism and honesty: Social engineers should keep their relationships professional and honest. This means being honest about their goals and not using any kind of pressure or trickery that could hurt people. 6. Respect the public by taking ownership and responsibility for your actions and how they affect the well-being of everyone in, around, and participating in the engagement (Mitnick, n.d.) . Before you do any social engineering, make sure you fully understand how it will affect other people and their well-being. 7. Avoid taking part in or doing unethical, illegal, or illegal things that hurt your professional reputation, the field of information security, the practice of social engineering, the well-being of others, or the parties and people in, around, and participating in the engagement. 8. Refuse any engagement or part of an engagement that could make a target feel weak or unfairly treated. This includes, but is not limited to, sexual harassment, making insulting comments (verbally, in writing, or in other ways) about a person's gender, sexual orientation, race, religion, or disability, stalking, following, trying to intimidate, or sending harassing materials. Also, you should avoid lewd or offensive language or behavior, which could be sexually explicit or offensive (Mitnick, n.d.) . You should also avoid language, behavior, or
content that uses cursing, obscene gestures, or slurs based on gender, religion, ethnicity, or race. If you use any of these strategies, you make it harder for the target to learn and grow from the interaction. 9. Do not manipulate, threaten, or otherwise make people feel bad in any way, unless a client tells you to because of their specific needs and testing setting. 10. Minimize the risks to your employer's, customers', and other people's information's privacy, availability, and/or integrity. After a social engineering job, it's important to make sure the information you got is safe. Never give private or confidential information to outsiders because it needs to stay private and confidential. Do not abuse any of the information or rights you are given as part of your job (Mitnick, n.d.) . 11. When training future social engineers, keep in mind that your training will have a long effect on your students, and that the way you train them will show up in everything they do in the future. Give students the information and tools they need to create good learning environments and productive situations for themselves and their clients in the future (Mitnick, n.d.) . 12. Make sure that you and your students' social engineering practices include careful, thoughtful, and kind ways to increase engagements that will finally mimic real-world attack vectors. Know that our clients are looking for ways to improve their security and work with them to make actual attack vectors harder to use (Mitnick, n.d.) . 13. Respect that social engineering engagements involve people's weaknesses, and don't make those weaknesses public through a blog, social media, or any other means that could hurt your client and the people, groups, and parties in, around, and involved in the engagement.
Social engineering benefits from a Code of Ethics. It establishes ethical standards for practitioners. It promotes industry trust and safety. A Code of Ethics can also help practitioners make ethical choices and regulate themselves. A Code of Ethics in social engineering may have different effects. Unethical social engineers may violate ethical standards. Social engineering involves deception, making ethical regulation difficult (Mitnick, n.d.). Code of Ethics is useful, but the social engineering community needs awareness, education, and continuing conversations. Professionals, researchers, and organizations can collaborate to produce best practices and ethical norms for social engineering.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
Bring the Science of Social Engineering together with the various techniques and aspects of social media, the Triad of Disruption, along with the many methods and processes we have learned in this course, into your summary understanding of Social Engineering in the modern world. Feel free to use examples, experiences, and thoughts on the future of this discipline. In the modern, linked world, the practice of social engineering has developed in tandem with the explosive expansion of social media platforms. The term "social engineering" refers to the process of manipulating individuals or groups for the purpose of gaining unauthorized access, obtaining secret information, or influencing behavior for either selfish or malicious reasons. In addition to examining the Triad of Disruption, the purpose of this study is to bring together the fields of social engineering and the myriad of approaches and facets that are associated with social media (Robb, 2022 ) . In addition, to acquire an in-depth comprehension of social engineering in the contemporary world, we will investigate the strategies and procedures covered throughout the entirety of this class. The Art and Science of Social Manipulation: The multifaceted study of social engineering, which incorporates aspects of psychology, sociology, and technology, is known as social engineering. It is effective because it takes advantage of human frailties, cognitive biases, and social dynamics (Robb, 2022) . Social engineers can persuade individuals into giving critical information or undertaking actions that they wouldn't typically undertake because they have a thorough understanding of how people think, react, and come to conclusions.
The relationship between social media and Social Engineering: The proliferation of social media platforms has given social engineers more opportunities for exploitation to take advantage of. Attackers have access to a veritable treasure trove of data because to the massive volumes of personal information offered by these networks (Robb, 2022) . To obtain information for nefarious intentions, social engineers might take advantage of the trust and openness that is frequently demonstrated on social media platforms. For instance, a social engineer may target an individual on a professional networking platform by pretending to be a recruiter to gain access to sensitive information. They can obtain crucial personal information, such as birthdates, residences, or even financial details, by creating rapport with the target and gaining their trust. After that, this information might be used for identity theft, phishing scams, or any number of other criminal actions (Robb, 2022) . The Triad of Disruption: The combination of technology, psychology, and sociology is known as the "Triad of Disruption," and it is one of the factors that contribute to the success of social engineering. These components come together to form a potent toolkit for those who engage in social engineering (Robb, 2022) . Technology: Recent advances in technology have made it possible for social engineers to make use of more sophisticated tools and strategies. With the use of technologies such as email spoofing and deepfake, attackers can effectively impersonate trustworthy individuals or construct invented scenarios to trick targets (Robb, 2022) . Cognitive biases and psychological principles are two tools that social engineers use to influence the people they are trying to influence. Decision-making processes can be influenced,
and rational judgment can be circumvented using strategies such as exploitation of authority, scarcity, and social proof (Robb, 2022) . Social engineers can efficiently manipulate individuals by gaining an awareness of certain psychological vulnerabilities. Understanding the social dynamics and cultural norms that exist within a particular group is essential to the success of social engineering approaches, according to sociology. Social engineers research social hierarchies, group dynamics, and communication patterns to construct convincing narratives and influence people's actions (Robb, 2022) . The Applications of Social Engineering: Methods and Processes: This course has presented a comprehensive toolkit that can be used to better understand social engineering assaults as well as defend against them. These are the following: Awareness and Education: Educating individuals and organizations about the many strategies and methods used in social engineering can be helpful in preventing successful attacks. Raising awareness among individuals and organizations about these various strategies and methods can also help (Robb, 2022) . Individuals can get the empowerment to recognize and respond correctly to attempts at social engineering if they participate in training programs and seminars. Two-Factor Authentication: Putting in place comprehensive security measures, such as two-factor authentication, is one way to reduce the likelihood of being targeted by social engineering assaults. If we add another degree of verification, then even if attackers manage to gain passwords, they will still need another kind of authentication to access the system (Robb, 2022) .
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
Incident Response: The development of efficient protocols for incident response assists organizations in detecting social engineering assaults, responding to those attacks, and recovering from those attacks. Improving preparation and reducing the negative effects of successful assaults can be accomplished using routine training exercises, simulated occurrences, and retrospective investigations of previous incidents. The Prospects for the Field of Social Engineering: The field of social engineering will undergo significant change as technological progress continues unabated. It is possible for both attackers and defenders to make use of automation, machine learning, and artificial intelligence in their work.These technologies can allow for more precise detection and prevention measures, while simultaneously allowing for an increase in the sophistication of assaults themselves. In addition, there is a growing trend toward the integration of internet-connected devices and the Internet of Things (IoT), which opens new opportunities for commercial gain.
References Cialdini, R. B. (2009). Influence: Science and Practice (5th ed.). Pearson. Mitnick, D (n.d.). The art of deception - zenk-security. https://repo.zenk-security.com/Magazine %20E-book/Kevin_Mitnick_-_The_Art_of_Deception.pdf Robb, D. (2022, November 7). What is social engineering? definition, types, attack techniques . VentureBeat. https://venturebeat.com/security/what-is-social-engineering-definition- types-attack-techniques/ Nolting, D. J. (2023). Safety Program Management:" Proof of Concept". Christian Faith Publishing, Inc.

Related Documents

Design Project 1 (4).docx
Career Outlook Assignment Instructions (1).docx
696 Course Project Proposal.docx
Community Resources Alignment Project Demographic Study Assignment Instructions.docx
223-Assignment3-IncaBridge-2023.docx
EW IMD I-PLAN.docx
Midterm1_Part1_2022 (1).docx
RIICWD534E-Class-activity-book-COURSE.docx
F106ORB_Study_Guide Complete.docx
M1_Activity_2.8_calculate quantities.docx
3054 rubric.docx
3054 rubric 2.docx
Recommended textbooks for you
Text book image
Engineering Fundamentals: An Introduction to Engi...
Civil Engineering
ISBN:9781305084766
Author:Saeed Moaveni
Publisher:Cengage Learning
Text book image
Solid Waste Engineering
Civil Engineering
ISBN:9781305635203
Author:Worrell, William A.
Publisher:Cengage Learning,
SEE MORE TEXTBOOKS
Recommended textbooks for you
Text book image
Engineering Fundamentals: An Introduction to Engi...
Civil Engineering
ISBN:9781305084766
Author:Saeed Moaveni
Publisher:Cengage Learning
Text book image
Solid Waste Engineering
Civil Engineering
ISBN:9781305635203
Author:Worrell, William A.
Publisher:Cengage Learning,
SEE MORE TEXTBOOKS