Creating a No Phishing Zone Group Discussion Written Project Russell Eubanks & Tsega Thompson SANS...

Post on 27-Dec-2015

Creating a No Phishing Zone

Group Discussion Written Project

Russell Eubanks & Tsega Thompson

SANS Technology Institute- Candidate for Master of Science Degree

Overview

Phishing vs. Spear Phishing

Purpose of Training Program

◦ Pre Assessment User Awareness Mandatory Webinar
◦ Post Assessment Evaluation Series of simulated phishing attacks Mandatory Quiz

Testing

Simulated Phishing Tests

◦ Email with link to update employee profile.
◦ Email with compensation report attached.
◦ Email with subject “Top Secret”.
◦ Email suggesting organizational changes.
◦ Email urging staff members to submit a fortune.

Mandatory Employee Quiz

◦ Present phishing attacks and non-attacks to see if employees can identify each.

Program Implementation

Four week program

◦ Days 1-3: Mandatory Webinar
◦ Days 4-18: Simulated Phishing Tests
◦ Days 6-23: Data Collection & Analysis
◦ Day 24: Mandatory Quiz / Reinforcement Day
◦ Days 25-26: Putting it all together
◦ Day 26: Report Card Day

Measuring Success

At each level of the program fewer employees will be vulnerable to phishing attacks.

Track employees who respond to attacks.

Results will be populated in a table for further analysis.

Progress will be measured.

Example

Summary

Social engineering attacks are geared towards exploiting employees.

Our best defense is to arm them with the knowledge needed to recognize and report these attacks.