Homework 55

WEEK5.LAB.ASSIGNMENT2020.docx

Home >Computer Science homework help >Homework 55

Week 3 LAB. Assignment - Case Study 5

Professor: Joseph O. Esin, FSMA, FWCCRD.

What is a Case Study?

· The purpose of a case study is to walk the reader through a situation where a problem is presented, background information provided and a description of the solution given, along with how it was derived.

· A case study can be written to encourage the reader to come up with his or her own solution or to review the solution that was already implemented.

· The goal of the writer is to give the reader experiences similar to those the writer had as he or she researched the situation presented.

· How to Write a Case Study

· Several steps must be taken before actually writing anything:

· Describe Situation/Problem: Choose the situation on which to write

· Background: Gather as much information as possible about the situation

· Background: Analyze all of the elements surrounding the situation

· Describe the Solution: Determine the final solution implemented

· Analyze the Results of the Solution: Gather information about why the solution worked or did not work

· For maximum points, a thorough case analysis thus has several phases; define the problem; list assumptions made; explore alternative solutions including consideration of costs and benefits; develop three alternative action plans; choose one of the plans to implement that can best resolve the issue most appropriately; and design accountability structures and processes to assess the outcomes and ensure the resolution is effective and sustained.

Source: http://education.cu-portland.edu/blog/curriculum-instruction/how-to-write-a-case-study-the-basics/

Citation Style

APA style with a cover page is required see https://owl.purdue.edu/owl/research_and_citation/apa_style/apa_formatting_and_style_guide/general_format.html

File Formats (Creativity Counts)

A standard research paper format may be used for this; however, for max points, use the latest technological presentation tools or video to present your ideas (PowerPoint, Prezi, iMovie, Adobe Portfolio, Google Drive – Presentation, YouTube, etc.). You are not limited to this list of tools; however, study your desired tool carefully. Make sure that the resulting file is both creative and designed for presentation to a professional audience.

Filename Format:

Case_Study1_YourFirstName_YourLastName (pptx/docx/…extensions vary by chosen tool) see File Formats section below.

Submission

Upload the resulting file via the Browse My Computer button for this Assignment.

Case to Analyze

Social Engineering Attack (SEA) Overlooked as a Dynamic

Component of Cybersecurity Operation

Social Engineering

Social engineering attack (SEA) is naturally overlooked as a vital component of cybersecurity threats. Definitely, SEA is an integral segment controlling psychological operations, commercial maneuvering measures, unrestricted internet access, and high-rate activities that tend to cause harm and disrupting services on organizations' network security operations. Social engineering attack (SEA) is an isolated occurrence in private, public organizations, healthcare industry, and higher education enterprise. Most SEA activities involve direct connection to the internet, enrichment of global interaction, digital communication, and data transmission. The preeminent method to mitigate social engineering attack is to equip users with ready-to-act techniques, rather than training them on theoretical concepts. SEA perpetrators typically use psychological moralities to circumnavigate security threats through persuasion and crafty manipulation techniques convincing users to disclose confidential information about the organization. SEA culprits often use psychological scruples and procedures to sail around security restrictions, through urging and psychosomatic principles, crafty manipulation techniques to sway users into divulging confidential information, such as user names, passwords, bank information, house and offices' alarm code to take control over organizations' security centers. SEA originated from English ingenuity-creativity, engineering-production, and most engineering activities related to creativity and originality. In prehistoric times, soldiers had to be ingenious to win the war; men and women had to be ingenious to survive the drastic, hostile climate changes; and drivers had to be ingenious to survive the tyranny of driving distance in hazardous and unpaved roads.

In its broadest sense, social engineering ingenuity involved hunting, equipment manufacturing, mental creativities, trade, and production. Historic channel to social engineering attack is categorized into the following five overlapping phases: pre-scientific revolution, primary industrial revolution, secondary industrial revolution, information technology industrial revolution, and computer industrial revolution engineering.

1. Pre-scientific revolution engineering (PSRE) is similar to ancient monuments and building designers inscribed on the wall representing an act of ingenuity or code-name "engine." Ancient drafters and draftswomen and renaissance engineers, Leonardo da Vinci, adopted the name engine. Pioneers of engineering operation, including practical artists, architects, artisans, designers, and painters, proceeded on social engineering careers through trial and error and steady determination and ingenuity to produce exceptional equipment and devices. Prehistoric monuments are often stable, durable, and entrenched with the name used by designers of ingenious fortifications. These devices are related to ingenuity, capturing the original denotation of the engine preceding steam engines and locomotive devices.

2. First Industrial revolution engineering (FIRE) is designed to support and strengthen social engineering. During the first industrial revolution era, research and engineering education were at their zenith in science and technology and progressed through World War II. Later, the incorporation of innovative social engineering training and creative engineering practical research programs were restructured and modernized; thus, resulting in the production of current systematic technological devices such as mainframe and supercomputers, desktop and laptop computers, satellite and telecommunication systems that are currently in use today.

3. Secondary industrial revolution engineering (SIRE) sponsored the emergence of electrical engineering, civil engineering, and mechanical engineering procedures that helped to transform engineers from practical artists to professional, and scientific innovative operators. The formation of SIRE led to the emergence of two branches of engineering: chemical engineering and electrical engineering, which were developed in close alliance with chemistry and physics programs. Integration of these two subject areas; chemistry and physics, led to telecommunication equipment, marine engineering, devices to generate alerts, restraining threats of ocean exploration. Aeronautic engineers turned the prehistoric dream on flight into a travel opportunity for global communities. The advent of SIRE led to the growth and explosion of information technology, intellectual responsibilities, and significant mitigation of social burden through the invention of social engineering. The production of telecommunication equipment, marine engineering apparatus, and related equipment help to turn prehistoric dreamers into pioneering engineers for the global communities.

4. Information technology industrial revolution engineering (ITIRE) emerged after World War II and progressed to the innovative invention of microelectronics, digital connections, communications, networking computing, information technology, the internet, mobile devices, telecommunications, and transmission systems. Indeed, the ITIRE era helped to re-strengthen the production of turbojet and rocket engines designed to propel aeronautic manufacturing, atomic and nuclear engineering into unprecedented heights of accomplishment. Above all, ITIRE and SIRE witnessed a universal information technology revolution that came with the full participation of intellectual responsibilities and the alleviation of collective social liability through structured engineering education needed to support the rise of large-scale future research engineers.

5. Computer Industrial Revolution Engineering (CIRE) was by default, collaborative efforts of PSRE, FIRE, SIRE, ITIRE, led to the modern technological advances, such as the erection of Pyramids in the Nile Valley, facility barricades, roads network systems, canals that originated from the Mediterranean Middle East and Asia Minor.

Formerly, North America, presently known as the United States of America, watched the European homegrown industrial technology revolution in the 17th century and in the early 18th century. Soon, the United States progressed to adopt and implement identical European industrial and military engineering techniques. This era of information technology (IT) and industrial revolution engineering (IRE) was heavily entrenched with innovative growth in the orbit of IT, aeronautics, hydro and nuclear power, electronics, network system, internet connections, telecommunications, and cybersecurity operations. The 18th through 19th centuries' progression led to ground-breaking and innovative IT and IRE engineering operations in the United States, which ultimately led to the creation of the canal and railway construction, professional technology, engineering education, and first professional engineering societies in 1887. However, these innovations and rapid growth in social engineering attack brought with them a correspondingly elevated level of interruption in the smooth running of gadgets and equipment. The new development raised concerns about social engineering attacks on vulnerable, innocent citizens.

Social engineering attack (SEA) is often steered by a stranger who adopts various psychological guiles on a computer to secure access or information required to hack into an organization's security center, network file server, and users' workstation. Perpetrators of SEA are often strangers and non-tenured employees who meet the requirements of headlines newsflashes as hackers. Fortunately, insiders and organizations' authorized users must be ready to battle perpetrators social engineering. Per Esin (2017), the benchmark designed to protect against social engineering attack support the premises that thirty percent (30%) of hacking operations are directed toward private, public, and healthcare organizations. Higher education enterprise is perpetuated by interlopers who are not authorized users of the organizations, while seventy percent (70%) of hackers are often initiated and executed by authorized users inside the organization. The axiom may sound hazy to the public, but organization users and clients must be trusted until proven not trustworthy. Most chief executive officers, administrators, college and university vice-chancellors, directors, and managers are often intolerant and impatient to verify personnel identity, background and establish trust due to the initiative's time-consuming nature.

Nonetheless, organizations must learn to support and train employers to work and protect the organization's security center and resources. Large segments of organizations' security network users are often lazy, none-aggressive, and choose shortcuts in discharging assigned services by posting passwords on the screen and leaving confidential documents lying out on the table and uploading the same document to associates competitors. Authorized users within the organization are often the puniest linkage in any security operation. Based on the manipulative and psychological nature of social engineering operation, otherwise known as "community maneuvering,". Perpetrators of social engineering attack often exploit human weakness before spending time and effort to crack passwords and gain access to an organization's security center.

Culprits frequently install sniffers on organizations' network file servers via polite phone calls, gain required user identification, and passwords to access the organization's security center. SEA is a self-created community maneuvering ingenuity whose objective is to provide sufficient protective measures, such as installing configuring, up-to-date hardware and software, and ongoing professional training program. Social engineering attacks are classified into six categories: human-based, electronic interface, pop-up windows, mail attachments, and the exploitation of personality traits. The human-based category is individuals who often penetrate the facility pretending to be an employee, visitor, service personnel dressed in appropriate uniform. Also acts as an active member of the community to gain access to the computer security center; the electronic interface is a phishing scam that has been in existence for centuries and recently became a sophisticated hacking tool, the pop-up windows category sponsors alert to appear on the screen warning users that their network security center has been interrupted. The network connection needs to be re-authenticated, mail attachments emergence as hidden in an email that naturally arrives seeking information to update the holder's contact information, precisely, after the user's credit card had expired. The process is designed to avoid suspicion, a follow through with the location and exploitation of personality trait, dispersion of characteristic to affirm that a culprit is not solely responsible for creating scenarios and factors to dilute personal responsibility for criminal decision-making.

The incorporation of an auditing security center (ASC) will serve as a stable security data-recovering center for any organization. A credible technique to mitigate SEA must include filtering unsolicited email into organizations' auditing security centers. The best preemptive and defensive mechanism in the process is to install and configure self-regulating security file servers to audit and monitor incoming and outgoing email traffic. The ASC must be configured as a self-determining entity, engage in monitoring, auditing, and tracking users' inbound and outbound communications; then, broadcast improprieties to users of organization network systems. Based on the large scale of undetected everywhere and anywhere social engineering attack, total reliance on only one network file servers within the organization is insufficient due to extensive internet activities and sophistication of our modern-day social engineering attackers. The integration of ASC file servers and existing organization network file servers will help to dissipate the increasing myth that users are unpredictable in battling social engineering attacks (Esin, 2018).

ANSWER ALL FOUR QUESTIONS

Question One.

1. To what extent are there significant differences between Computer Intrusion attack and Social Engineering attack on individuals, private and public organizations?

Social engineering attacks are underhanded, labeled as non-technical threats to any organization but require well-structured protective measures to decrease ongoing large-scale confrontation by criminals. As you may be aware, perpetrators often adopt self-assurance tricks, exploiting naivety, lethargy, and good nature of authorized users to launch social engineering attacks on organizations' main file servers.

Question Two.

2. Provide a comprehensive plan of action to safeguard forensic investigators and law enforcement officers on how to battle Underhanded social engineering attacks.

Organizations must take active steps against the escalation of social engineering attacks, recognizing that perpetrators are not afraid to search external organization dumpsters, internal office bins, and discarded electronic media for data and information. Organizations' network users must be trained on the danger of throwing wastepaper and electronic media in a bin within and outside the office building. Social engineering attack is a multiple-part operation. Most organizations often ignore establishing and adopting onboard ecological waste management action plans to deal with discarded materials, shredded left-over documents, and magnetic media, placing fragments in an isolated location.

Question Three.

3. Describe a long-range staff development training program to guide forensic investigators and law enforcement officers on matters relative to onboard ecological waste management discarded materials, shredded left-over documents and magnetic media, fragments in an isolated location, external organization dumpsters, internal office bins, and discarded electronic media to battle criminal activities.

Question Four.

4. Describe in detail the advantages of auditing security center (ASC) to combat Social Engineering attack on private and public organizations and higher education enterprise.

Casey, Eoghan (2011). Digital Evidence and Computer Crime. Elsevier

Science. Kindle Edition; San Diego: CA

Academic Integrity/Plagiarism

At a Christian liberal arts university committed to the pursuit of truth and understanding, any act of academic dishonesty is especially distressing and cannot be tolerated. In general, academic dishonesty involves the abuse and misuse of information or people to gain an undeserved academic advantage or evaluation. The common forms of academic dishonesty include:

· Cheating – using deception in the taking of tests or the preparation of written work, using unauthorized materials, copying another person’s work with or without consent, or assisting another in such activities.

· Lying – falsifying, fabricating, or forging information in either written, spoken, or video presentations.

· Plagiarism—using the published writings, data, interpretations, or ideas of another without proper documentation

Plagiarism includes copying and pasting material from the internet into assignments without properly citing the source of the material.

Task

1. Use Case Study format to analyze the case. Read carefully, the For maximum points section. Look at cases from the text of this class for inspiration.

2. Be sure to address all of the case study elements described herein.

3. Be sure to state your full name, Teacher Name, Course, and semester on the cover/intro pages/slides.

4. Show your creativity. How would you solve this particular case?