Reply to discussion post below CMIT WK3

Dngnevrf
Asked: Jun 1st, 2019

Question Description

Collin,

In the military, we focus on yearly training in order to educate everyone on the risks of letting inside knowledge out of the box. In the Navy, there are plenty of old posters like "Loose lips sink ships" or "Someone Talked!" dating back to World War II, when controlling information about your military assets and protecting it from the Axis powers was top priority (Hasic, 2016). With proper training, the majority of social engineering attacks and identity theft can be prevented because employees will be able to quickly identify and mitigate the damage from a possible attack. Some of the following suggestions are neatly organized on page 711 of the EC-Council book, and some of the suggestions I wrote down from personal experience or from other classes I've taken.

A lot of the practices I would instill would be: training on mobile phone safety (SMiShing, fake security apps, malware from third-party software) and training on shredding all papers from the workspace. Physical security items would consist of: installing monitor privacy screens, no screens visible from windows or entrances, badges for employees with turnstiles and a guard, no piggybacking or tailgating, and requiring two-factor authentication tokens. Email safe practices: don't respond to possible phishing attempts, don't forward emails that may have viruses or dangerous links, alert security, and look for digital signatures/encrypted emails to lend more trust. Prevention training on identifying insider threat signs, training on the company's confidential data to prevent unintentional spillages, and training on identity theft (use shredders at home, be careful of publicly available info, be suspicious of phishing calls, use strong passwords), credit reports, and credit monitoring services.

As a company, I would conduct social engineering exercises, hire after background checks, give the least amount of privileges needed for each individual's job, monitor privileged users, and conduct periodic risk assessments. Upon terminating an employee, I would disable all accounts before notification and have them escorted out after collecting their things and turning in all badges and two-factor authentication tokens.

Obviously, smaller companies would have to pick and choose what is most important to keep them safe while not hindering the efficiency or productivity of their employees. To do that, I would make sure they conduct a risk assessment and find a level of risk that they are comfortable accepting if they do not implement all safe practices.

[Images: WWII posters "Loose lips", "Stop Talking", "Someone Talked"]

EC-Council. UMUC: Certified Ethical Hacker (CEH) Version 10 eBook w/ iLabs (Volumes 1 through 4). [eVantage]. Retrieved from https://evantage.gilmoreglobal.com/#/books/9781635...

Hasic, A. (2016, December 8). The U.S. in World War II: See the Posters That Urged Secrecy. Retrieved May 30, 2019, from http://time.com/4591841/loose-lips-sink-ships-post...
