CYB_260_Project_Three_Milestone_Brian_Saintsing.docx.
School: Southern New Hampshire University
Course: CYB 260
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 4
Uploaded by HighnessPowerRhinoceros30
February 13th, 2024
CYB 260: Legal and Human Factors of Cybersecurity
Project Three Milestone: Social Engineering
I.
Understanding social engineering is crucial for security professionals because it exploits human psychology to gain unauthorized access, targeting the human element, which is often the weakest link in a security system. Techniques such as phishing and pretexting are commonly employed, so practitioners must understand these methods in order to recognize and mitigate the threats they pose. This knowledge enables practitioners to develop proactive measures and robust security policies, and to educate employees about social engineering tactics so that the organization's resilience against cyber threats is strengthened alongside its technical security measures.
The prevalence of social engineering in real-world scenarios underscores its importance in comprehensive security strategies. It exposes organizations to significant risks, making awareness of its tactics essential for anticipating, detecting, and responding to potential threats. Integrating social engineering awareness into security protocols enhances an organization's resilience against evolving cyber threats, ensuring effective protection of sensitive assets and information.
II.
Social engineering encompasses a range of methods through which attackers manipulate individuals to breach organizational security. In the physical domain, tactics such as dumpster diving involve retrieving sensitive information from discarded documents or electronic devices found in trash bins. This method poses risks to organizations because attackers may uncover passwords, financial records, or internal communications, jeopardizing confidentiality.
Psychological strategies, including impersonation, present significant threats to organizational security. By impersonating trusted figures like IT technicians or delivery personnel, attackers gain access to restricted areas or manipulate employees into disclosing sensitive information. Impersonation exploits trust and authority, making it a potent tool for attackers seeking unauthorized access to organizational assets.
In the realm of technology, phishing stands out as a prominent method. This technique uses deceptive emails or messages to trick individuals into revealing personal or confidential information. Attackers often impersonate reputable entities or trusted contacts, enticing victims to click on malicious links or download malware-infected attachments. Through phishing attacks, attackers compromise sensitive data and expose organizations to cybersecurity risks, underscoring the importance of educating employees to recognize and counter such threats.
III.
In the Mitnick Case Study One: Hacking the DMV, the attacker relied on persuasion to convince the technician. Several red flags should have alerted the employee to possible social engineering: the caller did not provide an identification number, the caller requested sensitive data, and the employee had received no prior notification from superiors that such a call was coming. To improve security practices, the employee could have taken the caller's contact information and verified it by calling back, or involved a supervisor before sharing any sensitive information.
Moreover, Nortel's use of a basic password, which the attacker quickly figured out, reveals a serious security problem. This shows how important it is to have strong password rules and security training for employees. With thorough security training, employees would be able to spot common attack methods and know how to handle them properly. They would also have known what to do in such a situation, possibly stopping the breach from happening.
In the end, the attack on Nortel could have been avoided, but both the employee and the organization failed to put in place effective security measures. By building a culture of security awareness and implementing strong security rules, organizations can lower the risks from social engineering attacks. Employees have a big role in protecting sensitive information and assets, and with the right knowledge and tools, organizations can cut down the chances of successful attacks.