I already got the answer for this paper, but that's too short. So, I need more
Question
I already got the answer for this paper, but that's too short. So, I need more help with this paper. Thanks
Write an 18-20 page report that answers the following:
1. Identify and describe the most significant information security threats in contemporary organizational settings.
2. Using independent research, describe five or more best practices to address the threats you have identified.
3. Describe the obstacles or challenges you anticipate encountering in your current or future position regarding the implementation of your best practices.
4. Explain how you plan to address the obstacles or challenges you have identified. Support your response from your independent research articles.
5. Reference 6-8 primary sources outside those used within the course to defend your position.
Explanation / Answer
People have become increasingly aware of the pervasive threats to information security and there are a variety of solutions now available for solving the problem of information insecurity such as improving technologies, including the application of advanced cryptography, or techniques, such as performing risk analyses and risk mitigation (Bresz, 2004; Sasse, Brostoff & Weirich, 2004). There have also been important suggestions from the information systems (IS) security literature that include augmenting security procedures as a solution (cf. Debar & Viinikka 2006), addressing situational factors such as reducing workload so that security professionals have time to implement the recommended procedures (Albrechtsen, 2007), improving the quality of policies (von Solms & von Solms, 2004), improving the alignment between an organization’s security goals and its practices (Leach, 2003), and gaining improvements from software developers regarding the security implementations during the software development cycle (Jones & Rastogi, 2004). Yet despite all these recommendations, people often fail to take basic security precautions that result in billions of dollars annually in individual and corporate losses and even to crimes (Calluzzo & Cante, 2004; Pahnila, Siponen, & Mahmood, 2007; Shreve 2004). “Knowing better, but not doing better” is thus one of the key scholarly and practical issues that have not been fully addressed. One area of particular concern involves threats from social engineering. Social engineering consists of techniques used to manipulate people into performing actions or divulging confidential information (Mitnick & Simon, 2002). Social engineers often attempt to persuade potential victims with appeals to strong emotions such as excitement or fear, whereas others utilize ways to establish interpersonal relationships or create a feeling of trust and commitment (Gao & Kim, 2007).
For example, they may promise that a valuable prize or interest from a transfer bank deposit will be given if the victim complies with a request for information. The emotional aspect of the interaction is distracting and serves to interfere with the victim’s ability to analyze carefully the content of the message. The social engineer’s illicitly gotten information may then be used to gain unauthorized access to computer systems to invade a person’s privacy, commit fraud, industrial espionage, or to damage assets (Dodge, Carver, & Ferguson, 2007). However, not all successful social engineering episodes result from duplicity; some people willingly give up sensitive information despite their awareness of the pervasive threats (Calluzzo & Cante, 2004; Straub & Nance, 1990). For example, although people generally state that they are concerned about information security and privacy, and even claim that they are willing to pay a fee to protect their personal information, in many cases they are willing to trade off privacy for convenience, or even bargain the release of very personal information in exchange for relatively small rewards. Social engineers have discussed the use of techniques used in marketing campaigns to persuade or gain a victim’s compliance (e.g., Gao & Kim, 2007). The elaboration likelihood model (Petty & Cacioppo, 1986) has been utilized in marketing research to explain how people are persuaded to make purchases (Petty, Cacioppo, & Schumann, 1983), and has been employed in techniques by telemarketers (Schumann, Hathcote, & West, 1991). Although social engineering does not seek to sell a product or service, it does seek to persuade people to provide sensitive information in a similar fashion (Gao & Kim, 2007; Mitnick & Simon, 2002).
Hence, using the elaboration likelihood model (ELM) as a framework and drawing from the social psychology theory literature on commitment, trust, and fear, we devised a field experiment to test its applicability in explaining the social engineering threats to determine whether the defenses generally suggested against succumbing to marketing ploys, or interventions suggested for other kinds of information security threats, might also be applied to social engineering countermeasures and interventions.