CYB 260 Project Three
School: Southern New Hampshire University
Course: 260
Subject: Information Systems
Date: Feb 20, 2024
Uploaded by Pedromonge40
5-2 Project Three Milestone: Social Engineering
Southern New Hampshire University
CYB-260 Legal and Human Factors of Cybersecurity
Dr. James A Burghard (Dr. B)
I. Significance of Social Engineering for Security Practitioners:
Since social engineering exploits psychological traits rather than technical flaws, security professionals must be well-versed in it. Humans are still the security chain's weakest link, no matter how far cybersecurity has come. Social engineering attacks aim to get victims to reveal sensitive information, authorize unauthorized access, or do something else that could put security at risk. When security professionals have a firm grasp of social engineering tactics, they are better equipped to create safeguards, educate the public, and establish protocols to ward off potential threats (What Is Social Engineering in Cybersecurity?, 2023). Given the gravity of the threat it poses to organizations, understanding social engineering is essential for security professionals. At its core, it uses deception to get people to reveal sensitive information or do things that could put security at risk.
II. Selected Social Engineering Methods:
1. Physical: Dumpster Diving:
"Dumpster diving" refers to searching through waste for confidential company documents. Malicious actors may gather documents containing sensitive information, such as login credentials, and use this information to pose as legitimate employees or undermine security systems.
2. Psychological: Persuasion/Coercion:
Coercion and persuasion strategies take advantage of people's frailties in order to get them to do things they would not normally do or reveal facts that would be embarrassing for them. Attackers may employ persuasive tactics to compel their targets to do what they want, including establishing rapport or making them feel like they need to act quickly.
3. Technological: Phishing:
By sending deceptive emails or texts, scammers fool their targets into divulging sensitive information or downloading malicious software. Attackers frequently pose as reputable organizations, such as banks or government institutions, to trick victims into divulging sensitive information or clicking on risky links.
III. Training Employees to Reduce the Threat of Social Engineering:
Case Study: Mitnick's DMV Hack
Selected Method: Phishing
Key warning signs:
Unusual requests for sensitive information via email or phone.
A pressing request accompanied by a warning that there will be repercussions if the request is not met.
Unwanted attachments or links, suspicious spelling or grammar mistakes, or emails from unknown senders raise red flags.
Pressure tactics or threats in communication.
Unusual or suspicious behavior during information requests.
Best practices:
Please send requests for sensitive data across a secure channel to ensure their legitimacy.
It is essential to be cautious when dealing with attachments and links, particularly those from unknown or dubious sources.
Contact the IT security group right away if you suspect a phishing effort.
Put strict guidelines in place for dealing with sensitive information.
Motivate your staff to be skeptical by asking them to question out-of-the-ordinary demands.
Training Strategies:
Staff members can be better prepared to spot and avoid social engineering attacks if you hold frequent security awareness training sessions.
The best way to learn how to recognize and react to phishing efforts is to practice with simulated attacks.