Assignment: Your Boss Mentions That A Number Of Employees Re


Your boss mentions that recently a number of employees have received calls from individuals who didn't identify themselves and asked a lot of questions about the company and its computer infrastructure. At first, he thought this was just a computer vendor who was trying to sell your company some new product, but no vendor has approached the company. He also says several strange e-mails requesting personal information have been sent to employees, and quite a few people have been seen searching your company's trash dumpsters for recyclable containers. Your boss asks what you think about all of these strange incidents.

Respond and be sure to provide a recommendation on what should be done about the various incidents. Respond in 250 words.

Paper For Above Instruction

Maintaining the security and confidentiality of company information is crucial in today's digital landscape, especially when faced with suspicious activities such as unsolicited phone calls, strange emails, and dumpster diving. The series of incidents described suggests a potential breach or an active social engineering attack aimed at gathering sensitive information.

The phone calls where unknown individuals inquire about the company's IT infrastructure may indicate reconnaissance efforts by attackers trying to identify vulnerabilities. Likewise, the receipt of suspicious emails requesting personal data aligns with common phishing tactics to deceive employees into revealing confidential information. Dumpster diving, on the other hand, points to physical reconnaissance, possibly aimed at sourcing sensitive documents that could aid cybercriminals or competitors.

To address these incidents, the company should implement a multi-layered security approach. First, initiate a comprehensive security awareness training program so that all employees can recognize and respond to social engineering, phishing, and physical security threats. Employees need to be vigilant and trained to avoid divulging sensitive information over the phone or by email. Second, establish strict verification protocols before disclosing any company-related information, such as confirming the caller’s identity through official channels. Third, enforce policies for secure document disposal, such as shredding sensitive materials and restricting access to trash areas. Fourth, enhance network security measures, including updating firewall and intrusion detection systems and conducting regular vulnerability assessments.

Furthermore, the organization should coordinate with security professionals or law enforcement if necessary to investigate these incidents further. Establishing a formal incident response plan ensures quick and effective action when similar events recur. Overall, proactive training, strict policies, and advanced security measures are essential to safeguard company assets and prevent future security breaches.
