1 vote
Tilde is working on a contract with the external penetration testing consultants. She does not want any executives to receive spear-phishing emails. Which rule of engagement would cover this limitation?

1 Answer

4 votes

Answer:

"No-Phishing/Spear-Phishing" rule

Step-by-step explanation:

The rule of engagement that would cover this limitation is the "No-Phishing/Spear-Phishing" rule. This rule typically prohibits the penetration testing consultants from attempting to phish or spear-phish any executives or employees of the client organization. This is important as it helps to protect sensitive data and prevent any potential security breaches. Tilde should ensure that this rule is clearly outlined and agreed upon by both parties before any testing begins. It is also recommended that she regularly communicates with the penetration testing consultants to ensure that they are adhering to the rules of engagement.

What is the "No-Phishing/Spear-Phishing" rule?

The "No-Phishing/Spear-Phishing" rule refers to the practice of not engaging in or falling victim to email scams that attempt to steal personal or sensitive information. Phishing typically involves a mass email sent to a large group of people, while Spear-Phishing is more targeted and personalized to the recipient. Following this rule means being skeptical of unsolicited emails, avoiding clicking on suspicious links or downloading attachments, and reporting any suspicious activity to the appropriate authorities. Protecting oneself and others from phishing attacks is crucial in preventing identity theft, financial fraud, and other cybersecurity risks.

by User JustinStolle (7.7k points)