general_planing
Differences
This shows you the differences between two versions of the page.
general_planing [2019/07/25 12:50] – external edit 127.0.0.1 | general_planing [2021/04/06 15:24] (current) – lucy
Line 4: | Line 4: | ||
===== Does it make sense to really test employees? ===== | ===== Does it make sense to really test employees? ===== | ||
- | Yes. The benefits of a simulated attack training are: | + | Yes. The benefits of simulated attack training are: |
- | * It increases specific awareness of the phishing and Malware threats. When employees fall for a simulated attack, they become more aware of the real threat and more receptive to the messages from IT security. | + | * It increases specific awareness of phishing and Malware threats. When employees fall for a simulated attack, they become more aware of the real threat and more receptive to the messages from IT security. |
* It improves the general awareness of security. Simulated attack programs help to open the lines of communication between employees and security staff which in turn helps to improve the efficiency of general security awareness training. | * It improves the general awareness of security. Simulated attack programs help to open the lines of communication between employees and security staff which in turn helps to improve the efficiency of general security awareness training. | ||
* It provides security training metrics. Simulated attacks allow you to track the effectiveness of your security training over time and to target the areas or people that most need additional training. | * It provides security training metrics. Simulated attacks allow you to track the effectiveness of your security training over time and to target the areas or people that most need additional training. | ||
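Review bot: "Malware" is capitalised mid-sentence in the first bullet on both sides of the diff while "phishing" is not; suggest lower-case "malware" so the two threat names are treated the same. The article fixes ("of simulated attack training", "of phishing and Malware threats") read well otherwise.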
Line 21: | Line 21: | ||
* Alert all your end users/ | * Alert all your end users/ | ||
* Start out with easy to detect emails and then gradually make them more difficult. | * Start out with easy to detect emails and then gradually make them more difficult. | ||
- | * Targeted spear-phishing emails should not be deployed until the end of the first year of your program, unless these are a pressing concern. | + | * Targeted spear-phishing emails should not be deployed until the end of the first year of your program unless these are a pressing concern. |
* Use variations of a category of phishing scenarios to gauge learning. | * Use variations of a category of phishing scenarios to gauge learning. | ||
* Conduct assessments no more than monthly or quarterly. | * Conduct assessments no more than monthly or quarterly. | ||
- | * Keep the names of those who fall victim (fail) confidential. | + | * Keep the names of those who fall victim (fail) confidential. |
- | * Send out the results of the assessment as soon as possible after you deploy it, preferably within 48 hours of sending out the phishing email. | + | * Send out the results of the assessment as soon as possible after you deploy it, preferably within 48 hours of sending out the phishing email. |
===== What other preparations need to be done? ===== | ===== What other preparations need to be done? ===== | ||
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
===== E-MAIL COMMUNICATION AHEAD OF THE CAMPAIGN ===== | ===== E-MAIL COMMUNICATION AHEAD OF THE CAMPAIGN ===== | ||
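Review bot: the bullet "Conduct assessments no more than monthly or quarterly" is ambiguous about the upper bound; suggest wording such as "Conduct assessments monthly at most; quarterly is also common" so the reader knows monthly is the ceiling. Since an earlier bullet keeps the names of those who fail confidential, the "Send out the results of the assessment" bullet should also say the results are aggregate statistics plus an explanation of the lure, not per-person outcomes, and its 48-hour window should match the follow-up timing promised in the announcement e-mail further down the page.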
Line 49: | Line 48: | ||
Team, | Team, | ||
- | As you know, we take information security extremely seriously. | + | As you know, we take information security extremely seriously. |
A couple of key points. | A couple of key points. | ||
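Review bot: the heading "E-MAIL COMMUNICATION AHEAD OF THE CAMPAIGN" is the only one on the page set in capitals; the other headings use sentence case ("Does it make sense to really test employees?"), so suggest "E-mail communication ahead of the campaign" for consistency.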
Line 55: | Line 54: | ||
• We will be sending out these emails once a month randomly. | • We will be sending out these emails once a month randomly. | ||
• If you fall victim to one of these phishing emails you will be notified immediately. | • If you fall victim to one of these phishing emails you will be notified immediately. | ||
- | • If you fall victim your name will not be reported to management. It will not impact you in anyway. This training is designed to help you learn. | + | • If you fall victim your name will not be reported to management. It will not impact you in any way. This training is designed to help you learn. |
• Twenty-four hours after each assessment, we will send an email out to everyone explaining the attack and how you could have figured out the email was a scam or attack. | • Twenty-four hours after each assessment, we will send an email out to everyone explaining the attack and how you could have figured out the email was a scam or attack. | ||
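Review bot: the template promises the debrief "Twenty-four hours after each assessment" while the guideline earlier on the page says results go out "preferably within 48 hours"; pick one figure and use it in both places. "once a month randomly" also reads oddly; suggest "once a month, on a random day" so employees understand that the cadence is fixed but the date is not. The "in any way" fix in the third bullet is correct.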
Line 78: | Line 77: | ||
- | **NOTE:** Be sure to include screenshot of the attack in the email so that people can read and learn from it. | + | **NOTE:** Be sure to include |
===== Checklist: what you may ask your client prior to a phishing campaign ===== | ===== Checklist: what you may ask your client prior to a phishing campaign ===== | ||
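Review bot: "include screenshot of the attack" in the NOTE is missing an article ("a screenshot"). Because this debrief goes to everyone, the screenshot should have the red flags the text refers to (sender address, link target, urgency wording) marked up, and the lure's live link should be masked in the image so the explanation e-mail does not re-distribute a clickable copy of the phishing URL.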
Line 96: | Line 95: | ||
| eLearning| Should the campaign include also [[awareness_e-learning_settings|eLearning content]]? If yes: does it need to be customized? It is required that individual eLearning statistics are also logged? | | | eLearning| Should the campaign include also [[awareness_e-learning_settings|eLearning content]]? If yes: does it need to be customized? It is required that individual eLearning statistics are also logged? | | ||
| Running the campaign | | Running the campaign | ||
- | | Organizational | + | | Organizational |
| View Only Access | | View Only Access | ||
- | | Log & Success Level| What is considered a [[success_actions|successful attack]] (link click, data submit etc.)? Should LUCY also trigger [[monitor_a_campaign_statistics|opened mails]]? Can advanced client side scripts ([[beef_integration|BeEF]]) be executed to gather more detailed information about the user? | + | | Log & Success Level| What is considered a [[success_actions|successful attack]] (link click, data submit etc.)? Should LUCY also trigger [[monitor_a_campaign_statistics|opened mails]]? Can advanced client-side scripts ([[beef_integration|BeEF]]) be executed to gather more detailed information about the user? |
| Login Restrictions | If a landing page with a login is created: is it necessary to let the user submit the password or shall LUCY redirect the user to a different page before the full password is entered? Is it necessary to implement regular expressions on the login fields in order to avoid false positives? | | Login Restrictions | If a landing page with a login is created: is it necessary to let the user submit the password or shall LUCY redirect the user to a different page before the full password is entered? Is it necessary to implement regular expressions on the login fields in order to avoid false positives? | ||
| Server Location | Should LUCY run in the cloud or on the client' | | Server Location | Should LUCY run in the cloud or on the client' | ||
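Review bot: the "Login Restrictions" row asks whether users may submit a real password but records no recommended default; suggest stating that redirecting before the full password is entered is the default and that capturing full credentials needs explicit client sign-off, since the row's own regular-expression check on the login fields only matters once that decision is made. The "Log & Success Level" row's BeEF question likewise deserves a note that advanced client-side scripting must be agreed with the client in writing, because it gathers far more about the user's browser than a link click or opened-mail tracker does. The "client-side" hyphenation fix is correct.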
general_planing.1564051800.txt.gz · Last modified: 2019/07/25 12:50 by 127.0.0.1