Psychology of Cyber Security: The Human Factor

Task 1

First, investigate specific behavioral traits of individuals used to extract maximum information.

  • Common psychological features of humans that make them susceptible to cyber attacks:
    • Excitement of victory: being excited about winning or finally getting a major break. Similarly, fear of loss, or fear of losing out on a once-in-a-lifetime opportunity. Everyone gets those emails that offer a huge amount of money if you just send in your vital information and a “small” deposit.
    • Fear of Authority – an individual who is easily intimidated by authority figures will be easily tricked into giving up information.
    • Desire to be helpful. Helpdesks and front office personnel are usually friendly people who just want to help. Companies train their employees to be customer and vendor friendly. In their desire to be helpful and to solve problems quickly, they often give out a lot of information that otherwise should not be disclosed to an outsider.
    • Need for praise, to be needed, or flattery.
    • Boredom or laziness caused by doing the same task over and over on a daily basis, leading to shortcuts and minimal effort.
    • Lack of knowledge or training. Sometimes this equates to not knowing what you know so that information is easily passed.
  • Read the Human Factor of Cyber Crime and Cyber Security pdf
  • Read Human Factors in Cyber Security pdf
  • Read Leveraging Human Behavioral Science to Mitigate Cyber Security Risk pdf
  • Watch Cyber Risk and the Human Factor https://youtu.be/Q-wcJC2YUW8

Second, investigate the routine human factors in computer use that make companies vulnerable to attacks.

Task 1: Put yourself in the mind of a social engineer in order to assess vulnerabilities in the company. You enter the main facility on your first day, having met previously offsite with the COO to discuss your plan. Your aim is to make it appear perfectly normal to everyone that you should be there even though they do not know you and have not been told of your arrival. Complete the scenario of what you would then do to make yourself familiar to those you want to exploit, thereby lowering their guard. Once you become familiar with the most influential people within the building, then you strike. Your ultimate goal is to reach the server room that is behind controlled access doors.

  • Describe your plan of attack including who you will attempt to compromise to get information and access
  • How you will gain access to the server room
  • How you will remove information from the server room and exit the building without being caught.
  • Then discuss why you were able to complete the attack based on what you know about psychological and physical vulnerabilities. Provide references to back your explanation.

Rubrics CIS660 (weighted analytic rubric)

Task 1

Rating scale: Exceeds Competency (90 – 100); Competent (80 – 89); Developing Competency (70 – 79); Not Competent (Below 70)

Elements

Mechanics (10%): Grammar, spelling, sentence structure; cite sources in APA format from reputable reference materials

  • Exceeds Competency: All work is in APA format with appropriately cited sources; no grammar or spelling errors. Uses complete sentences, well-formed paragraphs, and graduate-level word usage and complex sentence structure.
  • Competent: May have one APA error; no grammar or spelling errors. Uses complete sentences, well-formed paragraphs, and graduate-level word usage and complex sentence structure.
  • Developing Competency: More than one but less than 3 APA errors; less than 3 errors in grammar and/or spelling. Uses complete sentences and no run-on sentences, but may not use graduate-level word usage.
  • Not Competent: More than three APA errors and more than 3 errors in grammar and/or spelling. Sentence structure is poor and may not contain whole sentences or paragraphs.

Plan of Attack (20%)

  • Exceeds Competency: Clearly describes a logical, step-by-step plan of attack including who will be the victim of the attempt to compromise to get information and access and how the initial entry will occur. Enhances the plan with drawings or graphics of the site and possible issues.
  • Competent: Clearly describes a logical, step-by-step plan of attack including who will be the victim of the attempt to compromise to get information and access and how the initial entry will occur.
  • Developing Competency: Describes a plan of attack including who will be the victim of the attempt to compromise to get information and access and how the initial entry will occur. However, it may be vague, difficult to follow, or not in steps.
  • Not Competent: Does not complete a plan or it is illogical.

Accessing Server Room (20%)

  • Exceeds Competency: Clearly describes the process and route to gain access to the server room. This will include who may need to be compromised, explanations that could help if questioned, and common strategies of social engineering. Provides well-supported documentation from reliable sources to support the process.
  • Competent: Clearly describes the process and route to gain access to the server room. This will include who may need to be compromised, explanations that could help if questioned, and common strategies of social engineering.
  • Developing Competency: Briefly describes the process and/or route to gain access to the server room. May not include who may need to be compromised, explanations that could help if questioned, or common strategies of social engineering. The process may be vague or difficult to follow.
  • Not Competent: Does not include process or it is illogical.

Removing Information (20%)

  • Exceeds Competency: Describes a detailed plan for removing information from the server room and exiting the building without being caught. The plan is logical and realistic for a social engineer, not contrived or dramatic. Provides well-supported documentation from reliable sources to support the process.
  • Competent: Describes a detailed plan for removing information from the server room and exiting the building without being caught. The plan is logical and realistic for a social engineer, not contrived or dramatic.
  • Developing Competency: Describes a plan for removing information from the server room and exiting the building without being caught, but the plan may not be realistic for a social engineer, or is contrived or overly dramatic.
  • Not Competent: Does not include a plan or it is illogical.

Why Able to Complete Attack (30%)

  • Exceeds Competency: Clearly and logically proposes an explanation of why it was possible to complete the attack based on accurate information on psychological and physical vulnerabilities. Provides reliable references to back the explanation. Includes a diagram showing the points of vulnerability that the company could use to improve security.
  • Competent: Clearly and logically proposes an explanation of why it was possible to complete the attack based on accurate information on psychological and physical vulnerabilities. Provides reliable references to back the explanation.
  • Developing Competency: Briefly proposes an explanation of why it was possible to complete the attack. However, it may not be based on accurate information on psychological and physical vulnerabilities. Does not provide reliable references.
  • Not Competent: Does not explain why attack could be completed or it is illogical.

 