The Specification
Expressed as Project Aims.
A statement of what the project is about including any necessary changes to the original proposal or based on new information or understanding. A summary of the research and analysis carried out thus far should also be included.
This should include:
Who the project is being done for?
What the problems and needs of the sponsor are?
What are the project’s aims?
What is the proposed solution?
What will be produced in the project?
Any major modifications to the original proposal
Literature Survey:
This should expand upon what was presented in the proposal and should discuss existing knowledge in the field and the prior knowledge upon which the project is based. It does not have to be as detailed as the literature survey in the final dissertation report, yet it should prove that research has been done and that reading was done on the subject.
Conduct of the Project:
Proposes how the project will be carried out and should include, where appropriate:
Background research: what information will be used to understand the problem and its solution?
Data required: what data will be needed for the project and from where it will be obtained;
Any new skills that will be required and how these will be acquired;
The design methods to be used;
The software to be used
The Design:
Outline of the project design, according to a standard method. Although designs will vary according to the needs of particular projects, a typical design of a software implementation will comprise:
A description of the anticipated components of the system and how they are to be organized;
In case there is a need for a commissioned work (such as a hardware device or a service routine) it must be specified in this report and justified, otherwise it could be treated as collusion;
A description of data structures to be used by the system;
Algorithms to manipulate these data structures; and
A design of the intended interface
For example, if following an object-oriented design method, one might include: case diagrams; an interaction chart; the objects to be used in the system; attributes and methods of objects; pseudo-code for the key methods; an interface design.
In this section one might include: data flow diagrams; entity relationship diagrams; entity life histories; pseudo code for the key processes; interface design.
For a project involving the empirical investigation of some hypothesis one would normally expect to see things such as: a statement of the hypotheses to be tested; a description of the test data to be used; an experiment design, the experiments to be performed; any controls to be used; a description of how the results will be analyzed, including any statistical techniques that will be used; anticipated conclusions; program designs for any software that needs to be developed to generate the test data or conduct the experiments.
The important thing is that the report clearly shows that a design method has been followed, and that the design has been carried out with sufficient attention to detail as to inspire confidence that it can be realized, tested, and evaluated in the time remaining for the project.
Statement of Deliverables:
This states what will be produced by the project. It serves as an amendment to the Deliverables section in the proposal. In some cases it may be useful to identify some deliverables as essential and others as desirable. As appropriate, this will include:
A description of anticipated documentation content;
A description of anticipated software;
A description of anticipated experiments;
A description of methods for evaluation of the work
The Project Aims and Objectives:
The project aims are to study and research the effects of
€¢ Insider threats and social engineering in an organization
€¢ relationship of insider threats and social engineering
and to investigate ifone of the greatest security threats in an organization comes from the person who has an authorized access to information.
The outcome of the investigation and research is to determine the greatest security threat and develop and deliver a set of measures to identify insider threats and misuse of social engineering then present measures to handle them effectively and securely.
Project Outline
Many organizations fear exposing the insider threat due to the fear of negative publicity and loss of customers. In some cases it becomes difficult for the management of an organization to identify the culprit responsible for the insider threat. During the project, research and analysis will be used to identify some of the insider threats and effects of social engineering that the management of an organization is likely to face. In aIDition it will also be used to present some of the possible impacts due to both and provide some of the necessary information that can help to best aIDress both issues.
The project will consist of the following:
1. Research and review
€¢ The greatest security threats in an organization and their sources.
€¢ The role of social engineering in an organization and its relation to security threats.
2. Design and development of questionnaires
€¢ The questionnaire will be used to gather data from my organization (Air Products) in relation to security threats in the organization and their management of social engineering.
3. Design and Development of Method to store and analyse collected data
€¢ The questionnaire will be sent as an email link and the data will be stored in an internal SharePoint link.
4. Analysis of Data
€¢ Responses will be analysed against best practises recommendation in order to gauge the size of the problem and determine the greatest security threat. This research will be valuable within my own workplace and also those responsible for IT security in other companies.
5. Recommendations
€¢ A proposal of countermeasures will be develop based on the research and findings from the data.
Literature Survey / Resources’ List:
1. Archuleta, EG 2009, Guarding against the insider threat’, Journal / American Water Works Association, 101, 5, p. 38-44, Scopus®, EBSCOhost, viewed 19 November 2013.
€¢ This paper discusses ways of mitigating insider threats
2. Bakhshi, T, Papadaki, M, & Furnell, S 2009, Social engineering: assessing vulnerabilities in practice’, Information Management & Computer Security, 17, 12, pp. 53-63, Library, Information Science & Technology Abstracts, EBSCOhost, viewed 14 November 2013.
€¢ The paper presents a study which explores the level of susceptibility to social engineering among employees within an organisation.
3. Colwill, C 2009, Human factors in information security: The insider threat €“ Who can you trust these days?’, Information Security Technical Report, 14, 4, pp. 186-196, Academic Search Complete, EBSCOhost, viewed 02 October 2013.
€¢ This paper examines some of the key issues relating to insider threats to information security and the nature of loyalty and betrayal in the context of organisational, cultural factors and changing economic and social factors.
4. Hamin, Z 2000, Insider Cyber-threats: Problems and Perspectives’, International Review Of Law, Computers & Technology, 14, 12, pp. 105-113, Business Source Complete, EBSCOhost, viewed 10 November 2013.
€¢ This research note focuses on the broader issue of insider threats, and the dilemma posed, to the organization by insiders.
5. Hunker, J, & Probst, C 2011, Insiders and insider threats an overview of definitions and mitigation techniques’, Journal Of Wireless Mobile Networks, Ubiquitous Computing, And Dependable Applications, 2, 12, p. 4-27, Scopus®, EBSCOhost, viewed 01 October 2013.
€¢ The paper defines roperties of insiders and insider threats. It also discusses a number of approaches from the technological, the sociological, and the socio-technical domain.
6. Mccollum, T. T. (2011). Insiders Raise Fraud Threat. Internal Auditor, 68(6), 16.
7. Nohlberg, M 2008, Securing Information Assets: Understanding, Measuring And Protecting Against Social Engineering Attacks, n.p.: SwePub, EBSCOhost, viewed 10 November 2013.
€¢ The research on social engineering in this paper is divided into three areas: understanding, measuring and protecting which is relevant to what the current research paper I am attempting to write.
8. Purkait, S 2012, Phishing counter measures and their effectiveness €“ literature review’, Information Management & Computer Security, 20, 5, pp. 382-420, Library, Information Science & Technology Abstracts, EBSCOhost, viewed 10 November 2013.
€¢ This research looks into phising which is one the method of social engineering.
9. Workman, M 2008, A test of interventions for security threats from social engineering’, Information Management & Computer Security, 16, 5, pp. 463-483, Library, Information Science & Technology Abstracts, EBSCOhost, viewed 12 November 2013.
€¢ This empirical study provides evidence for certain posited theoretical factors, but also shows that treatment efficacy for social engineering depends on targeting the appropriate factor
10. Yaseen, Q., & Panda, B. (2012). Insider threat mitigation: preventing unauthorized knowledge acquisition. International Journal Of Information Security, 11(4), 269-280
Scholarly Contributions of the Project
The research and analysis of the data collected will aIDress the following:
€¢ A deeper understanding of the factors which play a role in assessing social engineering and identity Theft in an organization.
€¢ The analysis of the current sentiments towards insider threats and social engineering will be applicable to similar organizations.
€¢ On completion of the analysis countermeasures will be set up to protect the company from these threats, considering both traditional and often suggested education as well as novel approaches to protection against social engineering and insider threats attacks will applicable to other organizations.
Description of the Deliverables:
The content of this project will be based on the research and data collected on the impact of social engineering and effects it has on insider threats. The following items will be included in the final project:
1. The research and analysis of findings will include
a. The original purpose of social engineering and how it is being used.
b. The likely insider threats that are likely to stem from social engineering and the places that those threats are likely to emerge from in the system. This part will not only include the results of the surveys carried out in the different companies but also researched information on all possible threats linked to social engineering and insider threats in a company.
c. How companies can detect the threats emerging, how they can react to the detected threats and the steps to take once they have detected them.
d. The countermeasures that have been employed in countering the insider threats that have already arisen as well as those that are likely to arise from social engineering.
2. The template of the questionnaire will be attached as an appendix.
3. Documentation of the methodology used to gather, store, and analyse data.
4. The qualitative and quantitative evaluation of the data gathered from the questionnaire.
5. Proposal of countermeasures will be develop based on the research and findings from the data
Evaluation Criteria:
The project will be based on a well outlined survey. This survey will help identify the problems that the surveyed companies have faced regarding the topic at hand and outline the solutions that have been sought.
The following criteria will be used to evaluate the project outcome.
1. The project should determine
a. Is social engineering a major contributor of a company’s insider threats?
b. If, so where are these threats likely to stem from?
c. How can companies detect these threats before they graduate into problems?
2. The questionnaire should
a. Contain open and closed type questions
b. AIDress the key security threats
3. The sample size should be adequate to meet the evaluation criteria and appropriate statistical methods used to analyse the data
4. On completion of the analysis countermeasures can be set up to protect the company from these threats that are likely to emerge from social engineering
Resource Plan:
There is a requirement to create questionnaires in order to send surveys to the staffs of the identified organizations. The survey will be delivered via e-mail and I will need to ensure that anonymous submission is permitted. This will need to be made via web-enabled interface. I have the option to use either the internal SharePoint web server or survey sites. However careful evaluation will need to be made in order to understand which is the most appropriate way based on cost and time constraints.
I have the support from my company to apply for some study leave if the necessity arises. I have a company allocated laptop and a personal laptop which can be used to access all the required resources to complete this project.
Project Plan and Timing
Risk Assessment:
The project does not involve great risks unless in unexpected occasions. However, health or rather personal health is of great concern. The other risk assessment is associated with overworking which might result to exhaustion before the project is successful. This will be mitigated through ensuring that the coursework for every day is scheduled and covered according to the time available since there is amble period to complete the project. The fact that the field is not highly under research, the study might be faced with few or insufficient material and studies to support the reference although the available material will be optimized to exhaustion. In case of any unexpected and inevitable disturbance, the project time might be not enough to facilitate the whole research and compilation of the project. However, if the emergency is not too serious, the time schedule can still be squeezed to fit the available time else the project time will be extended with the consultation of the appropriate authorities. Finally, the risks of losing any crucial data of the research due to equipment breakdown might pose a risk as well but there is substantial mitigation strategy for the incident in case it occurs whereby the work will be backed up to a separate location.
Quality Assurance:
Quality assurance is based on the appropriate protocol of accomplishing the task as per the set standards and requirements whereby the research will fully adhere. Considering the fact that the project is based on survey, the required ethical considerations will be considered whereby the participants will be assured of their security, confidentiality, and privacy. The appropriate permission will sought from the authorities of the organizations which will be involved in the research and request for the essential support requested. The researches will also ensure that the content or work provided is unique and not similar to any presented before under any assessment requirements or in any institution. All the possible investigations to take place will be under the requirements and predefined standards as well as per the agreements between the researcher and the organizations involved.
TO ORDER FOR THIS QUESTION OR A SIMILAR ONE, CLICK THE ORDER NOW BUTTON AND ON THE ORDER FORM, FILL ALL THE REQUIRED DETAILS THEN TRACE THE DISCOUNT CODE,
TYPE IT ON THE DISCOUNT BOX AND CLICK ON USE CODE’ TO EFFECT YOUR DISCOUNT. THANK YOU
