Register

A Chief Information Officer (CIO) publicly announces the implementation of a new financial system. As part of a security assessment that includes a social engineering task, which…

A Chief Information Officer (CIO) publicly announces the implementation of a new financial system. As part of a security assessment that includes a social engineering task, which…
223k views
3 votes
A Chief Information Officer (CIO) publicly announces the implementation of a new financial system.

As part of a security assessment that includes a social engineering task, which of the following tasks should be conducted to demonstrate the BEST means to gain information to use for a report on social vulnerability details about the financial system?

A. Call the CIO and ask for an interview, posing as a job seeker interested in an open position
B. Compromise the email server to obtain a list of attendees who responded to the invitation who is on the IT staff
C. Notify the CIO that, through observation at events, malicious actors can identify individuals to befriend
D. Understand the CIO is a social drinker, and find the means to befriend the CIO at establishments the CIO frequents

User Siavolt
by
8.4k points

1 Answer

1 vote

Final answer:

The most ethical and legally sound option to assess social vulnerability with respect to a new financial system is to inform the CIO of potential observation techniques that malicious actors might use to identify and befriend target individuals for social engineering purposes.

Step-by-step explanation:

The question asks which task should be conducted to demonstrate the best means to gain information for a report on social vulnerability details about the new financial system announced by a CIO. The most professional and ethical approach among the provided options would be Option C: Notify the CIO that, through observation at events, malicious actors can identify individuals to befriend. This involves an assessment of potential social engineering threats without overstepping legal or ethical boundaries.

Options such as compromising the email server or befriending the CIO under false pretenses carry significant ethical and legal risks and could potentially be considered criminal activities. Conducting social vulnerability assessments should always adhere to ethical guidelines and operate within the legal framework. This approach aligns with best practices in information security, emphasizing the importance of protecting against social engineering attacks while maintaining the company's integrity and trust.

User WebSeed
by
8.6k points
← Prev Question Next Question →

Related questions

Ask a Question
Welcome to QAmmunity.org, where you can ask questions and receive answers from other members of our community.

9.4m questions

12.2m answers

Other Questions

“What does it mean when we “rework” copyrighted material?”
Please help me ! All you do is just put it it all in your own words ! Please this is for my reported card!i don't know how to put it in my own words because my English is not that good!
describe an advance in technology that makes life more enjoyable. what discoveries contribute to this technology?
Disadvantages of using animation in advertising? advantages and disadvantages of using animation for education? advantages and disadvantages of using animation in entertainment?
Explain why binary codes are used to represent characters, numbers and symbols :)
Link Copied!