1)Week 2 Written Assignment
Field: Information Systems
- Search the Internet for IT governance planning. Select a specific governance plan that exists at a company or a plan framework from an organization. Write a 2-page paper on three or four of the most important suggestions from the plan you select.
You must provide a reference to the site where you found the governance plan, in APA format.
2 Discussion Question.
Perform a search on the Web for articles and stories about social engineering attacks or reverse social engineering attacks. Find an attack that was successful and describe how it could have been prevented.
- Students are required to post one original response to the discussion questions each week, as well as a response to one classmate. Original responses should not be a word for word rehashing of what is stated in the readings, but rather an integration of the concepts and additional insights, either from real world experience or additional sources. It should be a 250 word response to the question Your primary posting may end with a tag-line or a related question of your own.
3). Responses to classmates should not be “I agree” or “I like the way you stated that.” These responses should again be insightful, offering an opinion or facts based on your research and experiences. The response to one classmate should be a minimum of 125 words. See APA criteria for citing resources. You must provide a minimum of a reference, in APA format, in your original response.
Response to classmate is :
Typically, most of the hacking in today’s world seem to be caused by infecting systems with malwares like virus, logical bombs etc. But there is another set of hackers who target the most vulnerable part of any organization: Human psychology. They use procedures which the employee uses in daily basis like E-mail, telephonic calls etc. and thus making it very susceptible. These attacks are also called as Social Engineering attacks. Five common social engineering attacks are as follows:
PHISHING: Phishing is one of the most commonly methods used to get user’s personal and financial information. This attacks reach individuals in form of mails or telephonic calls where the user is tricked to give information.
PRETEXTING: Pretexting is when the hackers create a scenario such that it looks genuine to the target and they give in information or access to the attacker party. Example would be when an outsider tries to get into organization by faking identity and lost entry pass.
BAITING: Baiting is similar to Phishing, but here the target is also enticed with gifts and prizes. Baiting usually happens when user tries to download a movie or music, where the target is made to surrender the login credentials. Baiting are also done using physical media devices like USB, Hard disk etc. Next time when you find USB or Hardrive in your parking lot, it might be baiting.
QUID PRO QUO: This is similar to baiting except the prize promised is a service. In these types of attacks, the hackers keep calling or disturbing the target and when target raise a question about the same, they are enticed with getting rid of that problem if the target disable firewall or AV temporarily. This is very serious issue in itself.
TAILGATING: Tailgating is when attackers follows an employee and gets a unauthorized access into the office or server room.
Social engineering attacks are increasing in alarming rate and the target can never guess it until it happens. In 2007, a person with box of chocolates and his charm gained confidence of ABN Amro Bank , Belgium and walked out with up to 120000 carats gem stones. He not only tricked the security personal to give a duplicate key but also let him know the locker number. Consistent training and practicing alertness is the only way to overcome social engineering attacks.