Exam 2 You Are The Sr Security Engineer For ABC Startup LLC


Create a compelling business case to secure budget for a 2019 phishing campaign within the organization. The business case should be a half to full-page executive summary directed to the CEO, COO, and CFO, outlining the latest phishing trends, the organization's vulnerabilities, and justifying the need for the campaign with credible sources. Additionally, prepare a detailed, itemized budget for the campaign covering software licenses, implementation, training, email costs, professional services, and internal resource allocations, with justified estimates for alternative options if necessary. Lastly, develop a creative phishing campaign outline designed to appeal to human emotions such as scarcity, urgency, charity, and authority. Include a concise summary of the campaign, success metrics, a suggested high-open rate domain with a screenshot, a mock-up of the cloned webpage, and a compelling phishing email template. The purpose is to simulate a realistic, effective phishing scenario aimed at testing and improving organizational security awareness.

Paper for the Above Instruction

In today's digital landscape, organizations face a rising tide of sophisticated phishing attacks that threaten sensitive data, financial assets, and organizational reputation. As the Senior Security Engineer at ABC Startup LLC, a mid-sized Latin marketing firm with 300 employees, it is imperative to proactively assess organizational resilience against such threats through targeted phishing campaigns. This paper provides a comprehensive approach encompassing a compelling business case for budget approval, a detailed campaign budget, and an innovative campaign outline designed to test and improve employee awareness through emotionally appealing tactics.

Business Case for Phishing Campaign Budget

The deployment of a simulated phishing campaign is a crucial investment in organizational security. Recent trends indicate that phishing remains the most prevalent cyber threat, accounting for over 80% of reported security incidents (Verizon, 2021). Attackers increasingly take advantage of internationalized domain names and decentralized workforces, exploiting human vulnerabilities with tailored, convincing messages that deceive employees into revealing credentials or opening malicious attachments. According to the Anti-Phishing Working Group (APWG), phishing attacks surged by 29% in 2022, highlighting growing organizational risks (APWG, 2022).

Implementing ongoing simulated phishing campaigns enhances employee awareness, reduces successful breaches, and fosters a security-conscious culture. Studies demonstrate that organizations conducting regular phishing simulations see up to a 70% reduction in successful employee credential compromises (KnowBe4, 2020). Given that internal breaches often originate from trusted employees, awareness initiatives are paramount.

Moreover, regulatory frameworks such as GDPR and HIPAA emphasize the importance of employee training and breach prevention. An internal phishing campaign demonstrates proactive risk management, aligning with good governance practices. Investing in simulated exercises is more cost-effective than remediation post-breach, which can incur millions in damages, ransom payments, and legal penalties (Ponemon Institute, 2021). Therefore, allocating funds for a 2019 phishing campaign is a strategic investment to safeguard organizational assets and reputation.

Sources:

  • Verizon. (2021). Data Breach Investigations Report.
  • Anti-Phishing Working Group. (2022). Phishing Activity Trends.
  • KnowBe4. (2020). The Business Value of Phishing Simulation.
  • Ponemon Institute. (2021). Cost of Data Breaches.

Itemized Budget for the Phishing Campaign

The budget meticulously plans for all necessary components to ensure a successful simulated phishing campaign. The primary costs include security software licenses, campaign setup, employee training, email delivery services, and internal resource allocation.

  • Phishing Simulation Software Licenses: $15,000 annually for a professional platform such as KnowBe4, which offers customized phishing templates, reporting, and analytics.
  • Implementation and Management Tools: $3,000 for additional plugins or integrations to support automation and detailed tracking.
  • Employee Training Modules: $5,000 for online microlearning courses, awareness videos, and post-campaign debriefing materials.
  • Email Delivery Costs: $2,000 estimated based on volume (e.g., 50,000 emails at $0.04 per email) for targeted campaigns during different phases.
  • Professional Services: $7,500 for consultancy support, campaign design, and analysis by cybersecurity experts.
  • Internal Resources Allocation: $10,000 for the time of the security team, including management, development, and analysis efforts, calculated based on estimates of hours and salaries.
  • Contingency and Miscellaneous Expenses: $2,000 for unforeseen costs or additional testing.

Total Estimated Budget: $44,000

If opting for alternative solutions like building in-house using open-source tools such as GoPhish, initial setup costs could be reduced to around $10,000 but with increased internal management time and potential feature limitations. Outsourcing to specialized vendors like PhishMe (now Cofense) might cost about $50,000–$60,000 but provide more robust support and features. The budget rationale favors a balanced approach, leveraging a reputable platform with supplementary consultancy to maximize ROI.

Phishing Campaign Outline

Campaign Summary

This campaign simulates an urgent-looking email purportedly from a trusted authority, exploiting the human emotions of urgency and scarcity during the holiday season. The email prompts employees to verify a fake charitable donation request that requires immediate action within roughly a 48-hour window, aiming to harvest credentials or trigger a credential "verification" on the cloned page, and it leverages the goodwill associated with charitable acts around year-end.

Success Metrics

Success will be measured by the click-through rate of the phishing email, the number of employees entering credentials on the fake page, and the proportion of targeted employees who report or recognize the phishing attempt. Key metrics include open rate, click rate, credential submission rate, and report rate.
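The four rates named above are only meaningful if each employee is counted once per stage and every rate uses the same denominator (delivered recipients). The following added example, not part of the original paper or of any simulation vendor's product, computes them from a constructed event list and also derives the follow-up cohort (employees who clicked or submitted and never reported), which is the group the post-campaign debrief materials in the budget are for. The event names and the sample data are assumptions for illustration.

```python
from collections import Counter

# Constructed sample of simulation-platform events, not data from a real campaign.
# Each tuple is (employee_id, event); the event names follow the metrics named in
# the text: delivered, opened, clicked, submitted (credentials), reported.
SAMPLE_EVENTS = [
    ("e001", "delivered"), ("e001", "opened"), ("e001", "clicked"), ("e001", "submitted"),
    ("e002", "delivered"), ("e002", "opened"), ("e002", "reported"),
    ("e003", "delivered"),
    ("e004", "delivered"), ("e004", "opened"), ("e004", "opened"), ("e004", "clicked"),
    ("e005", "delivered"), ("e005", "opened"), ("e005", "clicked"), ("e005", "reported"),
    ("e006", "delivered"), ("e006", "reported"),
    ("e007", "delivered"), ("e007", "opened"),
    ("e008", "delivered"), ("e008", "opened"), ("e008", "clicked"), ("e008", "submitted"),
    ("e009", "delivered"), ("e009", "opened"), ("e009", "clicked"), ("e009", "submitted"), ("e009", "reported"),
    ("e010", "delivered"),
]


def campaign_metrics(events):
    """Per-stage rates for the campaign, each as a fraction of delivered recipients."""
    # Deduplicate so an employee who opens the mail three times counts once per stage.
    unique = {(emp, ev) for emp, ev in events}
    counts = Counter(ev for _, ev in unique)
    delivered = counts["delivered"]
    if delivered == 0:
        raise ValueError("no delivered events: nothing to measure against")

    def rate(ev):
        return round(counts[ev] / delivered, 3)

    return {
        "targeted": delivered,
        "open_rate": rate("opened"),
        "click_rate": rate("clicked"),
        "submission_rate": rate("submitted"),
        "report_rate": rate("reported"),
    }


def follow_up_list(events):
    """Employees who clicked or submitted and never reported: the debrief/training cohort."""
    by_emp = {}
    for emp, ev in events:
        by_emp.setdefault(emp, set()).add(ev)
    return sorted(
        emp for emp, evs in by_emp.items()
        if ("clicked" in evs or "submitted" in evs) and "reported" not in evs
    )


if __name__ == "__main__":
    print(campaign_metrics(SAMPLE_EVENTS))
    print(follow_up_list(SAMPLE_EVENTS))
```

Note that an employee who clicked and then reported (e005, e009 in the sample) is excluded from the follow-up list: reporting after the fact is the behaviour the campaign is trying to build, so the report rate should be read alongside the click rate rather than in isolation.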

Domain Selection and Screenshot

The chosen domain is delivery-ups.com, mimicking a credible shipping service, leveraging the familiarity of logistics companies. A screenshot of the domain registration page (e.g., GoDaddy or Namecheap) showing the domain 'delivery-ups.com' is included to demonstrate purchase feasibility.

[Screenshot: domain registration page for delivery-ups.com]

Cloned Webpage Mockup

The target page mimics a real delivery confirmation site with company branding, a login form requesting email and password, and a prompt for urgent action on a pending shipment. A mock-up image illustrates the interface, emphasizing authenticity and professionalism.

[Mock-up: delivery confirmation login page]

Email Template

The email employs a professional tone, with the subject line “Immediate action required: Confirm your delivery request.” The body creates a sense of scarcity, for example "Your delivery attempt is pending for the next 24 hours. Verify now to avoid delays," and ends with a call-to-action button labeled “Verify Shipment” that links to the fake webpage. The email uses corporate branding, official-looking fonts, and personalized greetings to improve credibility.
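From the defender's side, the domain choice in the previous section and the template above are exactly the signals a mail gateway or a phishing-report triage script looks for: a sender or link domain that contains a known brand token without being one of that brand's real domains, plus stacked urgency phrases. The following added example (mine, not code from the paper, from KnowBe4, or from any mail product) scores a constructed copy of the template against a benign control message. The allowlist (`ups.com` as the brand's legitimate domain), the urgency phrase list, and both sample messages are assumptions for illustration; a production gateway would use a maintained brand list and a proper public-suffix library rather than the two-label shortcut used here.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist of the impersonated brand's legitimate sending domains.
# A real mail gateway maintains this per brand; "ups.com" is assumed here.
BRAND_DOMAINS = {"ups": {"ups.com"}}

# Phrases that signal manufactured urgency or scarcity, lower-cased for matching.
URGENCY_PHRASES = (
    "immediate action required", "verify now", "avoid delays",
    "next 24 hours", "pending", "account will be suspended",
)


def registered_domain(host):
    """Collapse a host to its last two labels (adequate for the .com hosts used here)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def brand_lookalike(host):
    """Return the brand a host imitates, or None if it is the brand's own domain or unrelated."""
    domain = registered_domain(host)
    for brand, legit in BRAND_DOMAINS.items():
        if domain in legit:
            return None
        # The brand token must be a whole label or a hyphen-separated part:
        # 'delivery-ups.com' matches, 'groups.com' does not.
        if re.search(rf"(^|[-.]){re.escape(brand)}([-.]|$)", domain):
            return brand
    return None


def score_email(msg):
    """Triage heuristic: collect the reasons a message looks like brand impersonation."""
    reasons = []
    sender_host = msg["from"].rsplit("@", 1)[-1]
    if (b := brand_lookalike(sender_host)):
        reasons.append(f"sender domain {sender_host} imitates {b} but is not in {sorted(BRAND_DOMAINS[b])}")
    for url in msg["links"]:
        host = urlparse(url).hostname or ""
        if (b := brand_lookalike(host)):
            reasons.append(f"link host {host} imitates {b}")
    text = f"{msg['subject']} {msg['body']}".lower()
    hits = [p for p in URGENCY_PHRASES if p in text]
    if len(hits) >= 2:
        reasons.append(f"urgency language: {hits}")
    return {"score": len(reasons), "flag": len(reasons) >= 2, "reasons": reasons}


# Constructed messages: the first reproduces the template described in the text,
# the second is a benign control sent from the brand's real domain.
SIMULATED_EMAIL = {
    "from": "notifications@delivery-ups.com",
    "subject": "Immediate action required: Confirm your delivery request.",
    "body": "Your delivery attempt is pending for the next 24 hours. Verify now to avoid delays.",
    "links": ["https://delivery-ups.com/verify"],
}
BENIGN_EMAIL = {
    "from": "noreply@ups.com",
    "subject": "Your package has shipped",
    "body": "Track your package at any time from your account.",
    "links": ["https://www.ups.com/track"],
}

if __name__ == "__main__":
    for m in (SIMULATED_EMAIL, BENIGN_EMAIL):
        print(m["from"], score_email(m))
```

Running the same heuristic over the real reports employees submit during the campaign is a cheap way to check whether the "report rate" in the success metrics reflects recognition of these cues or just a single vigilant team forwarding everything.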

Overall, this campaign emphasizes urgency and authority, combined with charity appeals, to maximize engagement while maintaining a professional appearance that mimics legitimate corporate communications.
