Question

In: Computer Science

As the CIO/CISO, recognize that your biggest threat is your human users. Discuss the training plan (e.g. a spear-phishing exercise) that you would put in place to help prevent your users from being socially engineered.

Solutions

Expert Solution

Spear phishing attempts have been used to swindle individuals and companies out of millions of dollars. They can also do damage in other areas, such as stealing secret information from businesses or causing emotional stress to individuals.

Think before you click:

Attackers employ a sense of urgency to make you act first and think later in phishing attacks. When you get a highly urgent, high-pressure message, be sure to take a moment to check whether the source is credible first. The best way is to utilize another method of communication, different from the one the message came through, such as texting the person to see whether they emailed you an urgent message or whether it came from an attacker. Better safe than sorry!

Research the sources:

Always be careful of any unsolicited messages. Check the domain links to see if they are real, and check whether the person sending you the email is an actual member of the organization. Usually, a typo/spelling error is a dead giveaway. Utilize a search engine, go to the company’s website, and check their phone directory. These are all simple, easy ways to avoid getting spoofed. Hovering your cursor over a link before you actually click on it will reveal the link at the bottom, and is another way to make sure you are being redirected to the correct company’s website.

Don’t download files you don’t know:

If you don’t know the sender, aren’t expecting anything from the sender, and don’t know whether you should view the file they just sent you with “URGENT” in the email subject line, it’s safest not to open the message at all. You eliminate your risk of becoming an insider threat by doing so.

Offers and prizes are fake. If you receive an email from a Nigerian prince promising a large sum of money, chances are it’s a scam.

1. Delete any request for personal information or passwords. Nobody should be contacting you for your personal information via unsolicited email. If you get asked for it, it’s a scam.

2. Reject requests for help or offers of help. Social engineers can and will either request your help with information or offer to help you (e.g., posing as tech support). If you did not request any assistance from the sender, consider any requests or offers a scam. Do your own research about the sender before committing to sending them anything.

3. Set your spam filters to high. Your email software has spam filters. Check your settings, and set them to high to avoid risky messages flooding into your inbox. Just remember to check them periodically as it is possible legitimate messages could be trapped there from time to time.

4. Secure your devices. Install, maintain and regularly update your anti-virus software, firewalls, and email filters. Turn automatic updates on if you can, and only access secured websites. Consider a VPN.

5. Always be mindful of risks. Double check, triple check any request you get for the correct information. Look out for cybersecurity news so you can take swift action if you are affected by a recent breach. I recommend subscribing to a couple of morning newsletters to keep you up to date with the latest in InfoSec, like Cyware or BetterCloud Monitor. If you are a podcast person, Decrypted by Bloomberg, DIY Cyber Guy and Reply All offer easy-to-digest information and news that’s very user-friendly.

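The "hover over the link and check the domain" advice in the answer, automated as an added example for a phishing-awareness exercise (this code is not part of the original answer). It parses the anchors in an email body, compares the domain the link text displays with the domain the href actually points to, and flags typo-lookalikes of the organisation's real domains; the organisation's domains and the email body are constructed sample data.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample data: the domains this hypothetical organisation owns,
# and a spear-phishing style message with one deceptive and one honest link.
TRUSTED_DOMAINS = {"example-corp.com", "login.example-corp.com"}
SAMPLE_EMAIL = """<p>URGENT: your password expires today.</p>
<a href="http://examp1e-corp.com/reset">https://login.example-corp.com/reset</a>
<a href="https://login.example-corp.com/help">example-corp.com</a>"""

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain_of(s):
    """Lowercased host of a URL, or of bare 'host/path' text such as link text."""
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()

def audit_links(html_body, trusted=TRUSTED_DOMAINS):
    """Return [(href, reasons)] for links the 'hover and check' rule would reject."""
    parser = AnchorCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        reasons, real = [], domain_of(href)
        # Treat the link text as a displayed domain only if it looks like one.
        shown = domain_of(text) if "." in text and " " not in text else ""
        if shown and shown != real and not real.endswith("." + shown):
            reasons.append(f"text shows {shown} but link goes to {real}")
        if real not in trusted:
            close = difflib.get_close_matches(real, trusted, n=1, cutoff=0.8)
            if close:
                reasons.append(f"{real} is a lookalike of trusted {close[0]}")
        if reasons:
            findings.append((href, reasons))
    return findings
```

Running `audit_links(SAMPLE_EMAIL)` flags only the first link, for both reasons: its text shows the real login host while the href goes to a one-character misspelling of the company domain.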
