Social Engineering: Protecting Systems from Users

Length: 4000 words

Task:

There have been many studies conducted on the relative weakness of security products, components and mechanisms. In the majority of cases the major weakness has been identified as the actual users of the system. Whether they are the attacker or the attacked, users have the greatest capacity to compromise a system by using it, or by providing information to hackers, in a way that is damaging. As an IT Security professional, much time is spent on developing, implementing and managing technical controls, with little more than a passing interest paid to the people who use the technology every day.

For this assessment task you will write an essay on the following:

Social Engineering: Protecting Systems from Users

Some primary ideas you might like to address in this essay include:
• Definition of Social Engineering.
• How does Social Engineering allow hackers to gain access to systems or escalate privileges?
• What are the key challenges of combating Social Engineering Attacks?
• What mechanisms, techniques or tools can be used to mitigate against Social Engineering Attacks?

IMPORTANT! Please refer to the Marking Criteria and Rubric:

Marking Criteria:

Introduction
The introduction sets the scene for the whole essay. The purpose of the introduction is to identify the topic, your point of view and the main reasons for your response. Generally approximately 10-15% of the allocated word count.
This section will often contain the following points:
• Introduce the topic.
• Give background or context to give relevance to the discussion.
• State the main point or purpose of the essay.
• Preview the subtopics or themes.

Body
Paragraphs in the body of the essay show your discussion of the main ideas supporting your position or response to the question. Ideas from the scholarly literature give credibility and weight to your argument. Generally approximately 70-80% of the allocated word count.
Each paragraph should link with the previous paragraph and may include:
• A topic sentence: a statement of the main idea of the paragraph.
• Explanation or supporting evidence from the scholarly readings.
• Further evidence from your reading to deepen your discussion.
• Application of ideas to a scenario or through the use of an example.
• Your discussion of, comment on and evaluation of these ideas.
• A concluding sentence that brings the paragraph to a close.

Conclusion
The purpose of the conclusion is to summarise and make final evaluative comments. It is important to refer back to the essay questions. Generally approximately 10-15% of the allocated word count.
This paragraph includes:
• A brief summary of the main ideas presented in the essay.
• Confirmation of any thesis included in the introduction.
• Final evaluative comments on the relative importance of the arguments.
• Comments on the ongoing significance of the topic as an issue that needs further discussion or investigation.
• DO NOT introduce any new content at this point.

Presentation
• Grammar & spelling
• Essay format
• Overall presentation
• Appropriate referencing using APA 6th Edition.
• Reference list should contain a minimum of 6 appropriate references.

Rubric:

Criteria

Result Expected

Explore and discuss the definition and principles of social engineering and its relevance to information security.

· Definition of social engineering.

· Discuss how social engineering can be used as a method to gain access to information or systems.

· Discuss the key challenges of protecting information against social engineering attacks.

· Discuss relevant tools and mechanisms that may be used to protect against social engineering attacks.

A clear and accurate definition of social engineering has been discussed. The student has comprehensively addressed the task, demonstrating an excellent conceptual understanding of how social engineering is used to gain access to information or systems. They have discussed in detail a range of challenges with respect to social engineering and have related each challenge with clarity to a range of protective tools and mechanisms that can be used by security professionals. The student has fully addressed all of the essay criteria.

Selection of a range of material which is relevant to the topic. Integration of material sourced from literature to support the ideas expressed in the essay. Minimum of 8 references, 4 of which must be relevant, refereed journal articles located by the student.

Excellent independent identification of an extensive range of literature which is: relevant; current; authoritative; and which includes multiple publication types. Substantially exceeds the minimum number of required references, demonstrating excellent skills in searching for relevant and credible literature. Excellent linkage and integration. Has developed and justified using own ideas based on publications which have been thoroughly analysed, applied and discussed to illustrate and justify the discussion.

A successful Masters student must write clearly and purposefully in English using vocabulary and language that suits the writing task and addresses their intended audience.

Writing demonstrates clarity of intention, purpose, and approach to the topic.

Written expression is clear, fluent and well-structured:

· Sentences are well structured, with good use of vocabulary, and with minimal or no grammatical and punctuation errors.

· Paragraphs are structured to present a flow of ideas.

· The written piece is well-formatted with minimal or no spelling or proofreading errors.

· Language is used to convey a clear meaning to the intended audience.

Writing style conveys a clear and meaningful interpretation of the task, based on confidence in knowledge and ability to clearly communicate complex concepts and ideas.

Presented in 1.5 line spacing, with wide margins, page numbers and suitable type-size.