Creating a No Phishing Zone

Group Discussion Written ProjectRussell Eubanks & Tsega Thompson

SANS Technology Institute- Candidate for Master of Science Degree

SANS Technology Institute- Candidate for Master of Science Degree

OverviewPhishing vs. Spear PhishingPurpose of Training Program

◦Pre Assessment User Awareness Mandatory Webinar

◦Post Assessment Evaluation Series of simulated phishing attacks Mandatory Quiz

SANS Technology Institute- Candidate for Master of Science Degree

TestingSimulated Phishing Tests

◦Email with link to update employee profile.◦Email with compensation report attached.◦Email with subject “Top Secret”.◦Email suggesting organizational changes.◦Email urging staff members to submit a

fortune.Mandatory Employee Quiz

◦Present phishing attacks and non-attacks to see if employees can identify each.

SANS Technology Institute- Candidate for Master of Science Degree

Program ImplementationFour week program

◦Days 1-3: Mandatory Webinar◦Days 4-18: Simulated Phishing Tests◦Days 6-23: Data Collection &

Analysis◦Day 24: Mandatory Quiz /

Reinforcement Day◦Day 25-26: Putting it all together◦Day 26: Report Card Day

SANS Technology Institute- Candidate for Master of Science Degree

Measuring SuccessAt each level of the program

fewer employees will be vulnerable to phishing attacks.

Track employees who respond to attacks.

Results will be populated in a table for further analysis.

Progress will be measured.

SANS Technology Institute- Candidate for Master of Science Degree

Example

SANS Technology Institute- Candidate for Master of Science Degree

SummarySocial engineering attacks are

geared towards exploiting employees.

Our best defense is to arm them with the knowledge needed to recognize and report these attacks.