All posts must be (2) substantive responses with a minimum of 150 words each for Responses 1 and 2. Ensure you list and break down each response in a Word document, along with its reference. The response provided should further discuss the subject or provide more insight. To further understand the response, below is the discussion post that discusses the responses. 100% original work and not plagiarized. Must meet deadline.
Policies and procedures that are in place organization-wide always need to be checked for effectiveness and to ensure staff are following the appropriate methods and procedures. This checks-and-balances system can be done with regular audits, log auditing, as well as recording and auditing phone conversations. These logs will check for inconsistencies in the network and in the actions performed by the staff, and the audits will check to ensure staff are acting on policy in real time with walk-throughs of the facility and phone conversations with customers. Training is also a vital part of ensuring these measures take effect; once training is complete, a survey can be put out to measure the understanding of the policy. Along with walk-throughs in the organization, a security officer or a hired security specialist can complete social engineering exercises to test the staff. These tests can and should be random to ensure that staff are following procedure as prescribed. Taking note of all of these methods and what staff seem to have trouble grasping is important because these issues will need to be revisited in training and possibly one-on-one training. The test phishing emails can also be set up to alert the security team of all persons who click on the links in the email and also the staff who forward it to others. It should also be calculated how many staff alert the security team of the email or of any security problem they are unsure about.
Kizza, J. M. (2009). Guide to computer network security (pp. 2007-2008). London: Springer.
To evaluate the effectiveness of the social engineering policies put in place for the Bank of the Great Danes (BGD), there are a few things I will check on to make sure they were carried out. I hired Iron Mountain to provide confidential paper recycling bins that will place trash canisters throughout the facility for ease of access to all employees. I have sent out electronic reminders informing employees to use the proper receptacles for sensitive data and not regular trash cans (Mitnick, 2021). I have created a team to randomly go around and check employees’ personal small trash bins to ensure sensitive documents are not found in them. I have even personally observed the outside public dumpsters to verify no sensitive paperwork is found, and so far I have not found any more sensitive documents.
When outside IT or other facilities repair workers are hired to come to service various things within BGD, I have been observing how this has been handled. I have placed a surveillance camera and a required signature log in the front lobby and have been reviewing the footage (Washo, 2021). When someone comes in, previously we would be willing to let them in as long as they knew what issue was being fixed and mentioned who sent them. Now, when they come in, management is sent up front to verify the company is legit, and if all is clear, that manager has to sign the sheet for documentation.
Last week we had an intruder who claimed he was there to fix the intermittent internet connection BGD has been experiencing. The thing was, one of the managers had posted on Facebook “they were glad the intermittent internet issues at work would soon be resolved”. The intruder claimed the manager who posted the post had sent him; however, the actual crew of workers was not to come until the following day. The intruder even used a different company name. So far the social engineering implementations are working for BGD.
Mitnick, S. (2021, April 5). 6 types of social engineering attacks. Retrieved January 09, 2022, from https://www.mitnicksecurity.com/blog/6-types-of-social-engineering-attacks
Washo, A. (2021, July 25). An interdisciplinary view of social engineering: A call to action for research. Retrieved January 09, 2022, from https://www.sciencedirect.com/science/article/pii/S2451958821000749