Assignment 2 Social Engineering Awareness Program for a Large Corporation | CSIS 343 - Cybersecurity
- Develop procedures for employees to report suspected social engineering attempts.
Discuss the role of incident response teams in investigating reports, communicating with affected employees, and implementing corrective measures.
Procedures for Employees to Report Suspected Social Engineering Attempts:
- Awareness Training: Before anything else, employees should undergo regular training sessions on social engineering tactics. This will ensure that they are aware of common methods used by attackers, such as phishing emails, pretexting phone calls, and baiting.
- Designated Reporting Channels: Establish clear channels for reporting. This could be a dedicated email address, a phone line, or an online form specifically designed for reporting such incidents.
- Incident Reporting Form: Create a standardized incident reporting form that captures essential information such as:
  - Date and time of the suspected attempt.
  - Method used (e.g., phishing email, phone call).
  - Description of the attempt.
  - Any communication details (e.g., email sender's address, phone number).
  - Any files or attachments involved.
  - Other relevant details.
- Immediate Action Steps: Instruct employees on immediate actions to take if they encounter a suspected attempt, such as:
  - Not responding or engaging further with the attacker.
  - Not clicking on any links or downloading any attachments.
  - Reporting the incident promptly.
- Whistleblower Protections: Ensure that employees feel safe and protected when reporting incidents. Establish a policy that guarantees non-retaliation against those who report in good faith.
- Review and Feedback: Periodically review the reporting procedures and gather feedback from employees to identify any areas of improvement.
Role of Incident Response Teams:
- Initial Assessment: Upon receiving a report, the incident response team should promptly assess the nature and severity of the reported attempt.
- Investigation: Determine the scope of the social engineering attempt. This might involve:
  - Analyzing the reported email or message for malicious content.
  - Tracing back the origin of the communication.
  - Checking for any compromised systems or data.
- Communication: The incident response team should maintain clear and consistent communication with affected employees. This includes:
  - Providing guidance on any immediate actions they need to take.
  - Keeping them informed about the progress of the investigation.
  - Addressing any concerns or questions they might have.
- Coordination: Collaborate with other departments or external entities, if necessary. This could involve working with the IT department for technical analysis or consulting with legal and compliance teams regarding any potential regulatory implications.
- Documentation: Maintain detailed records of the incident, including findings, actions taken, and lessons learned. This documentation will be invaluable for future reference and for refining incident response procedures.
- Corrective Measures: Based on the findings of the investigation, the incident response team should:
  - Implement immediate remediation steps to address any identified vulnerabilities or compromises.
  - Provide recommendations for longer-term improvements to prevent similar incidents in the future.
  - Offer training or awareness sessions tailored to the specific nature of the reported social engineering attempt.

By establishing clear reporting procedures and empowering a dedicated incident response team, organizations can effectively address and mitigate the risks associated with social engineering attempts. Regular training, open communication, and continuous improvement are key to building a robust defense against such threats.