TIM7030 Northcentral Week 6 Phishing Spear Phishing Assignment

Description

Please see the attached documents for instructions on what's needed for these assignments.

Unformatted Attachment Preview

***PLEASE ENSURE ALL REFERENCES ARE SCHOLARLY RESOURCES***

Instructions

Gathering of evidence is a key step to determine the impact of a security event on a target. In addition, evidence gathered can also be useful in the audit process. A cybersecurity professional should be aware of the relevance of the techniques and procedures involved in gathering and reviewing evidence. For this task, imagine that the CISO of a healthcare organization has asked you to explain the following evidence-gathering techniques to an audience of senior-level executives. It may help to pick a specific healthcare organization with which you are familiar.

• Structured walkthrough
• Observing processes and employee performance
• Interviewing appropriate personnel
• Reviewing information system documentation
• Reviewing information system standards
• Reviewing information systems policies and procedures
• Reviewing information system organization structure

Keep your audience in mind. Remember you are not preparing this for an academic audience. Your audience will not care about theoretical or conceptual issues in information security and healthcare in particular. They will only care about specific issues, strategies, and scenarios that are relevant to their organization.

Length: 12-15 slides (with a separate reference slide)

Notes Length: 200-350 words for each slide (in lieu of speaker notes, you may record a video or screen capture of yourself delivering the presentation, upload it to a video-sharing site such as YouTube, and submit the presentation along with a link to where the video can be viewed).

Be sure to include citations for quotations and paraphrases with references in APA format and style where appropriate.
***PLEASE ENSURE ALL REFERENCES ARE SCHOLARLY RESOURCES***

Instructions

For this task, imagine that an international organization has hired a national agency to levy phishing, spear phishing, and whaling attacks on a local competitor. The purpose of the attacks is to gain unauthorized access to the local company’s business systems at a later date. In this scenario, the nature of the event is the malicious action by the international organization. The spam email that is received and accessed by employees of the local competitor results in users being tricked into providing their logon credentials. The hackers then use the credentials to gain access to the local competitor’s business systems and information. It is critical that the events of the attacks be detected quickly because the local competitor is planning a marketing action, and the international organization could use this hacked information to get their product or service to the market sooner.

Write a paper that addresses the following:

1. Differentiate between phishing, spear phishing, and whaling attacks.
2. Delineate risk responses in terms of:
   1. Risk Avoidance
   2. Risk Acceptance
   3. Risk Sharing/Transfer
   4. Risk Mitigation
• Determine risk mitigation through the application of industry best principles and practices and information security policies.
   1. Determine risk mitigation through the application of well-known commercial tools such as PhishMe and PhishGuru.
   2. Develop a plan for monitoring the infrastructure for security-related events.
   3. Develop a plan for securing information assets.
• Provide details on security awareness, training, and education.

Length: 5-7 pages, not including titles and reference pages.

Your paper should demonstrate thoughtful consideration of the ideas and concepts that are presented in the course and provide new thoughts and insights relating directly to this topic. Your response should reflect scholarly writing and current APA standards.

Explanation & Answer

Please find attached. Let me know if you need edits. Cheers!

Outline
Introduction
Body
Conclusion
References


Running Head: CYBER SECURITY

Institutional Affiliation:
Student’s Name:
Course Code:
Date:

Differentiating between phishing, spear phishing, and whaling attacks

There is a major difference between phishing, spear phishing, and whaling attacks. Phishing can be regarded as a practice aimed at tricking people into sharing security and personal credentials (Chaudhry, Chaudhry, & Rittenhouse, 2016). Such details may include the passwords, usernames, or the log-in platforms that they use. The phishing practice often harbors a malicious objective. The attack always occurs on an online platform such as email or through a website.

Spear phishing is different from the practice of phishing. Spear phishing is a personalized stealing of personal information. The entity engaging in spear phishing targets an individual and disguises itself as a trustworthy enterprise. It could disguise itself as a supermarket, online store, or a hospital which one attends regularly (Laszka, Lou, & Vorobeychik, 2016). It thus might send a personalized email which has requests for personal information such as passwords, usernames, or other personal credentials linked to one’s online platform, credit card, or office (Chaudhry, Chaudhry, & Rittenhouse, 2016). Spear phishing has a malicious goal, but it only focuses on individuals rather than sending a general email.

Whaling attacks are different from phishing and spear phishing. Whaling attacks are attacks that aim at stealing personal and sensitive information of groups. It could target the business’ Chief Executive Officer, the Chief Accountant, or the Human Resource manager. A whaling attack aims to persuade the persons in positions of power in a company to reveal sensitive information which is accessible to them due to their positions of power in the company (Chaudhry, Chaudhry, & Rittenhouse, 2016). Such information would be the bank accounts of the employees, details of...
