Problem:
Scenario:
You are the manager of a large division of your company. One of the supervisors under your leadership handles customer complaints. This supervisor recently received an e-mail addressed specifically to the supervisor from a customer complaining that one of the product listings on your website was incorrect. The e-mail contained a URL that pointed to the page with the error on it. The supervisor came to you to let you know that after clicking on the URL provided by the customer, nothing appeared to be wrong with the page. The supervisor attempted to reply to the customer's e-mail address but received a message that read, "No such e-mail address exists." Shortly after the supervisor responded to the customer complaint e-mail, you noticed that your computer was running slowly and that someone had been able to access some confidential files on your system. Normally, supervisor e-mail addresses are not public, so you are not sure how the customer obtained the supervisor's e-mail address. You also are not sure how anyone could have gotten password or access privileges to your confidential files. Your boss told you other individuals have noticed that some of their confidential files have been accessed. Your boss wants a report on his desk by the end of the week that outlines:
- How an intruder could have gained access to the confidential files located on the network
- What process you are going to use to ensure that the network and files are not compromised again
- What type of training or policies need to be put in place to ensure that the network and files are secure
- Your task will be to provide answers to the three questions given to you by your boss. Your suspicion is that your company was a victim of a social engineering attack, and you believe that this information was used to gain access into the company's computer systems.
Task:
A. Create a memo (suggested length of 1 page) discussing how you believe the intruder gained access to the company's network using social engineering.
B. Create a security recommendations list suggesting prescriptive measures that should be implemented to prevent such intrusions in the future.
C. Create a mock-up (suggested length of 1-2 pages) of how you would test your organization's vulnerability to a social engineering attack. Include the following in your mock-up:
- What techniques you would use
- Who you would use the techniques on
- What questions you would ask
Additional Information:
This is a scenario analysis where company's confidential information was accessed by network intruder. This was noticed after responding to the customer's query as well as following the link provided by customer. The required actions as well as plans to secure the network and network files has been given comprehensively in the solution.
Total Word Limit: 1484 Words