https://learning.oreilly.com/library/view/social-engineering-the/9780470639535/9780470639535_summary.html
CYB 260 Project Three Milestone Guidelines and Rubric Social Engineering CYB 260 Project Three Milestone Guidelines and Rubric Social Engineering Overview One of the fundamental maxims of cybersecurity is that security is everyone’s responsibility. Ultimately, this speaks to the idea that regardless of the physical or technological protections in place, the weakest link will always be the human factor. In Project Three, one of the requirements you will address relates to the importance of training for cybersecurity awareness. In a study of over 50,000 incidents, Verizon (2017) reported that 49% of all breaches involved a human element. In this activity, you will investigate a particular area of concern—social engineering. Prompt After reviewing this module’s reading and resources, address the critical elements listed below. I. Summarize the significance of social engineering as an area for a security practitioner to have knowledge of. II. Select one social engineering method from each of the categories in the table below. For each of your chosen methods, provide a brief description of how that method could be applied to expose an organization. Social Engineering Methods Physical Psychological Technological Dumpster diving Shoulder surfing Piggybacking/tailgating Baiting Impersonation Seduction Persuasion/coercion Reverse social engineering Phishing Pharming Spim/smishing Spit Vishing Trojans and viruses Man-in-the-middle III. Select one of the case studies from Chapter 8 in Social Engineering: The Art of Human Hacking (linked in the Reading and Resources section of Module Five). Describe an appropriate method of training employees to reduce the threat of one of the social engineering methods used in your selected case study. In your response, consider including the issues related to the following questions: What are the key warning signs that would indicate to an employee that they are a victim of social engineering? 1 What are the best practices employees should be aware of concerning the social engineering method? What are ways training can help with getting employees to adopt the security mindset necessary to reduce the vulnerability to the social engineering threat? Rubric Guidelines for Submission: Your submission should be 2 to 3 pages in length and should use double spacing, 12-point Times New Roman font, and one-inch margins. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_100_Project_One_Neo_Anderson.docx. Critical Elements Exemplary (100%) Proficient (85%) Needs Improvement (65%) Not Evident (0%) Value Significance of Social Engineering Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Summarizes the significance of social engineering as an area for a security practitioner to have knowledge of Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 18 Application of Social Engineering Method: Physical Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Describes how a physical method of social engineering could be applied to expose an organization Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 18 Application of Social Engineering Method: Psychological Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Describes how a psychological method of social engineering could be applied to expose an organization Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 18 Application of Social Engineering Method: Technological Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Describes how a technological method of social engineering could be applied to expose an organization Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 18 Training Employees Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Describes an appropriate method of training employees to reduce the threat of one of the social engineering methods used in the selected case study Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 18 2 Critical Elements Exemplary (100%) Proficient (85%) Needs Improvement (65%) Not Evident (0%) Value Articulation of Response Submission is free of errors related to citations, grammar, spelling, and organization and is presented in a professional and easy-to-read format Submission has no major errors related to citations, grammar, spelling, or organization Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas 10 Total 100% Reference Verizon. (2017). Data breach digest: Perspective is reality. Retrieved from http://www.verizonenterprise.com/resources/reports/rp_data-breach-digest-2017- perspective-is-reality_xg_en.pdf 3 http://www.verizonenterprise.com/resources/reports/rp_data-breach-digest-2017 CYB 260 Project Three Milestone Guidelines and Rubric Social Engineering Overview Prompt Rubric Reference