For this task, imagine that an international organization has hired a national agency to levy phishing, spear phishing, and whaling attacks on a local competitor. The purpose of the attacks is to gain unauthorized access to the local company’s business systems at a later date. In this scenario, the nature of the event is the malicious action by the international organization. The spam email that is received and accessed by employees of the local competitor results in users being tricked into providing their logon credentials. The hackers then use the credentials to gain access to the local competitor’s business systems and information. It is critical that the events of the attacks be detected quickly because the local competitor is planning a marketing action, and the international organization could use this hacked information to get to their product or service to the market sooner.
Write a paper that addresses the following:
Differentiate between phishing, spear phishing, and whaling attacks. Delineate risk responses in terms of: Risk Avoidance Risk Acceptance Risk Sharing/Transfer Risk Mitigation Determine risk mitigation through the application of industry best principles and practices and information security policies.
Determine risk mitigation through the application of well-known commercial tools such as PhishMe and PhishGuru. Develop a plan for monitoring the infrastructure for security-related events. Develop a plan for securing information assets.
Provide details on security awareness, training, and education.
Length: 5-7 pages, not including titles and reference pages.
Your paper should demonstrate thoughtful consideration of the ideas and concepts that are presented in the course and provide new thoughts and insights relating directly to this topic. Your response should reflect scholarly writing and current APA standards.