question archive Hacking the Human ICA Specification 2021-22 The ICA will take the form of a case study of a fictional company but that is based on real-world incidents (see Appendix 1 for the scenario) involving a cybersecurity breach(s) that originated through a social engineering attack vector or vectors
Hacking the Human ICA Specification 2021-22 The ICA will take the form of a case study of a fictional company but that is based on real-world incidents (see Appendix 1 for the scenario) involving a cybersecurity breach(s) that originated through a social engineering attack vector or vectors
Subject:Computer SciencePrice:12.99 Bought3
Hacking the Human ICA Specification 2021-22
The ICA will take the form of a case study of a fictional company but that is based on real-world incidents (see Appendix 1 for the scenario) involving a cybersecurity breach(s) that originated through a social engineering attack vector or vectors. You are required to write a report of between 4000-5000 words that will analyse the attack, propose solutions and discuss the ethical issues around the case study. The report should be written as though you were a cybersecurity consultant advising the owners of the business. The clients wish to know what went wrong & why (the analysis) and what they can do to prevent further such incidents in the future (proposed interventions).
The Report should contain 3 sections:
Section
Marks
Suggested word count
1. Analysis of the breach(s)
40%
1600 - 2000
2. Proposed interventions (e.g. behavioural & procedural etc) that could be used to mitigate against such an attack(s).
50%
2000 - 2500
3. Discussion of the ethical and morality issues of using human behaviour analysis and modification techniques within an organisation.
10%
400 - 500
Part 1
You MUST analyse this case study using one of the frameworks, taxonomies or ontological approaches we have looked at in the module. You are not confined to using one of these approaches, but you can identify an alternative approach through your own reading and research, but you must make it clear in the introduction to your report which approach you are utilizing for your analysis.
Your analysis could include, for example, the following: a) What is the attack vector?
- What channel(s) was used
- Who is the operator or actor who originated the attack?
- What approach(es) did they use?
- What human weakness or attribute were they targeting?
What you actually include in your analysis of the breach(s) will depend largely on the analysis approach you choose to use. You should include a brief paragraph at the end of this section that discusses and evaluates the analysis approach you chose (i.e. How easy was the approach to apply? Do you think it identified all the important elements of the attack(s)? Would you use the same approach again? etc) Part 2
After you have analysed the breach(s) you should propose appropriate solutions that would help mitigate against similar issues occurring again in the future for the “organisation” at the heart of the case study. Your proposals should align with your findings from the analysis and should be supported by research and reading done in this area. Your recommendations should reflect the complexity of the research findings in this area (e.g. one type of training approach might not be appropriate for everyone in an organisation)
Part 3
In this section you should discuss the ethical and morality issues of using human behaviour analysis and modification techniques within an organisation. Again, your discussion should be supported by appropriate reading and research in this area.
The Report
Your report should be written in the 3rd person and be neatly presented with correctly numbered sections and sub-sections plus a front page and table of contents. I expect to see a high standard of written English commensurate with master’s level work, with few spelling and proof-reading errors. If you feel you need help with your report writing skills I suggest that you use the Learning and Research Support delivered through the Library.
You should use the University’s standard Harvard approach to referencing as laid out in the book Cite them Right by Pears and Shield. This is best accessed as electronic resource via the University Library website.
Support
You will be given the opportunity to work on aspects of the assignment in the practical classes in the second half of the module and you are advised to use this time to seek formative feedback on your work to-date. In respect of reading draft work the following conditions will apply:
- A deadline will be set after which draft work will not be reviewed: this deadline is 9am 20th December
- We will look at one draft of a report only and comment on this for instances of obvious errors, omissions or inaccuracies (i.e. issues that may result in the report failing), you cannot keep submitting drafts for review.
- We cannot and will not give an indicative grade (University Regulations do not allow us to do this)
- Nor will we tell you what you need to keep adding to your work in order to get a distinction!
- In addition, we will look at parts (e.g. paragraphs) of work in the practical sessions in response to specific questions on clarification of issues/points etc. There is no restriction on this & indeed we would encourage you to do this.
- We will not answer vague questions along the lines of “is this OK?”
Your final report should be submitted by 4pm on Wednesday 12th January 2022 via Blackboard
You can expect to receive your feedback on or before the 8th February this date complies with the University requirement that you should receive your feedback within 20 working days (weekends and holidays are not counted as working days) of the date of submission.
This assignment will assess how well you have achieved the module learning outcomes:
Personal and Transferable Skills
- Distinguish between different human behaviours relevant to online activities
- Appraise the ethical issues that underpin human behaviour modification issues in an organisation
Research, Knowledge and Cognitive Skills
- Propose human behaviour interventions to mitigate against a cybersecurity threat targeting humans
- Appraise social engineering threats to individuals and organisations
Professional Skills
- Compose cybersecurity solutions to address the needs of an organisation that takes into account the ‘human factor’
- Evaluate different cybersecurity threats to an organisation from the perspective of human behaviour analysis
Hacking the Human ICA Specification 2021-22
The ICA will take the form of a case study of a fictional company but that is based on real-world incidents (see Appendix 1 for the scenario) involving a cybersecurity breach(s) that originated through a social engineering attack vector or vectors. You are required to write a report of between 4000-5000 words that will analyse the attack, propose solutions and discuss the ethical issues around the case study. The report should be written as though you were a cybersecurity consultant advising the owners of the business. The clients wish to know what went wrong & why (the analysis) and what they can do to prevent further such incidents in the future (proposed interventions).
The Report should contain 3 sections:
|
Section |
Marks |
Suggested word count |
|
1. Analysis of the breach(s) |
40% |
1600 - 2000 |
|
2. Proposed interventions (e.g. behavioural & procedural etc) that could be used to mitigate against such an attack(s). |
50% |
2000 - 2500 |
|
3. Discussion of the ethical and morality issues of using human behaviour analysis and modification techniques within an organisation. |
10% |
400 - 500 |
Part 1
You MUST analyse this case study using one of the frameworks, taxonomies or ontological approaches we have looked at in the module. You are not confined to using one of these approaches, but you can identify an alternative approach through your own reading and research, but you must make it clear in the introduction to your report which approach you are utilizing for your analysis.
Your analysis could include, for example, the following: a) What is the attack vector?
- What channel(s) was used
- Who is the operator or actor who originated the attack?
- What approach(es) did they use?
- What human weakness or attribute were they targeting?
What you actually include in your analysis of the breach(s) will depend largely on the analysis approach you choose to use. You should include a brief paragraph at the end of this section that discusses and evaluates the analysis approach you chose (i.e. How easy was the approach to apply? Do you think it identified all the important elements of the attack(s)? Would you use the same approach again? etc) Part 2
After you have analysed the breach(s) you should propose appropriate solutions that would help mitigate against similar issues occurring again in the future for the “organisation” at the heart of the case study. Your proposals should align with your findings from the analysis and should be supported by research and reading done in this area. Your recommendations should reflect the complexity of the research findings in this area (e.g. one type of training approach might not be appropriate for everyone in an organisation)
Part 3
In this section you should discuss the ethical and morality issues of using human behaviour analysis and modification techniques within an organisation. Again, your discussion should be supported by appropriate reading and research in this area.
The Report
Your report should be written in the 3rd person and be neatly presented with correctly numbered sections and sub-sections plus a front page and table of contents. I expect to see a high standard of written English commensurate with master’s level work, with few spelling and proof-reading errors. If you feel you need help with your report writing skills I suggest that you use the Learning and Research Support delivered through the Library.
You should use the University’s standard Harvard approach to referencing as laid out in the book Cite them Right by Pears and Shield. This is best accessed as electronic resource via the University Library website.
Support
You will be given the opportunity to work on aspects of the assignment in the practical classes in the second half of the module and you are advised to use this time to seek formative feedback on your work to-date. In respect of reading draft work the following conditions will apply:
- A deadline will be set after which draft work will not be reviewed: this deadline is 9am 20th December
- We will look at one draft of a report only and comment on this for instances of obvious errors, omissions or inaccuracies (i.e. issues that may result in the report failing), you cannot keep submitting drafts for review.
- We cannot and will not give an indicative grade (University Regulations do not allow us to do this)
- Nor will we tell you what you need to keep adding to your work in order to get a distinction!
- In addition, we will look at parts (e.g. paragraphs) of work in the practical sessions in response to specific questions on clarification of issues/points etc. There is no restriction on this & indeed we would encourage you to do this.
- We will not answer vague questions along the lines of “is this OK?”
Your final report should be submitted by 4pm on Wednesday 12th January 2022 via Blackboard
You can expect to receive your feedback on or before the 8th February this date complies with the University requirement that you should receive your feedback within 20 working days (weekends and holidays are not counted as working days) of the date of submission.
This assignment will assess how well you have achieved the module learning outcomes:
Personal and Transferable Skills
- Distinguish between different human behaviours relevant to online activities
- Appraise the ethical issues that underpin human behaviour modification issues in an organisation
Research, Knowledge and Cognitive Skills
- Propose human behaviour interventions to mitigate against a cybersecurity threat targeting humans
- Appraise social engineering threats to individuals and organisations
Professional Skills
- Compose cybersecurity solutions to address the needs of an organisation that takes into account the ‘human factor’
- Evaluate different cybersecurity threats to an organisation from the perspective of human behaviour analysis
Marking Criteria
|
|
Grade A+ (80%+) Distinction |
Grade A (70% - 79%) Distinction |
Grade B (60% - 69%) Merit |
Grade C (50% - 59%) Pass |
Grade D (40% - 49%) Fail |
Grades E & F (0% - 39%) Poor fail |
|
Analysis of data breach(s) (40%) |
|
|
|
|
|
|
|
Choice and application of appropriate analytical approach (20%) |
Exemplary rationale & discussion of possible approaches and one of the approaches discussed in class or a very well justified alternative approach has |
Very good rationale & discussion of possible approaches and one of the approaches discussed in class or a well justified alternative approach has been identified |
Good rationale & discussion of possible approaches and one of the approaches discussed in class or a justified alternative approach has been identified and used correctly |
Some discussion of possible approaches and one of the approaches discussed in class has been identified and used mostly correctly although there may be some minor |
One of the approaches discussed in class has been identified and there is an attempt to apply it to the scenario although there are some deviations from |
It is difficult to determine what if any approach has been identified and there is a minimal attempt to apply it to the scenario but there are some major deviations from the method described. |
|
|
been identified and used and discussed very thoroughly. |
and used correctly. |
although there may be some very minor deviations from the method described. |
deviations from the method described. |
the method described. |
|
|
Extent to which scenario has been analysed (e.g. have all issues been identified from case study?) (20%) |
Chosen approach has been used in an exemplary way to comprehensively analyse the scenario and all of the issues have been identified by applying the analytical approach creatively. |
Chosen approach has been used very appropriately to comprehensively analyse the scenario and all of the issues have been identified by applying the analytical approach. |
Chosen approach has been used appropriately to thoroughly analyse the scenario and most if not all of the issues have been identified by applying the analytical approach. |
Chosen approach has been used appropriately to analyse the scenario and most of the issues have been identified by applying the analytical approach. |
Chosen approach has been used to analyse the scenario to some extent and some of the issues have been identified by an attempt at applying the analytical approach. |
It is difficult to see how the scenario has been analysed. Some issues have been identified but this seems to have been more by luck than judgement or application of a recognised approach. |
|
Proposed solutions (50%) |
||||||
|
Appropriateness of behaviour modification interventions (e.g. would they work for the organisation in question?) (20%) |
A comprehensive number of creative behaviour modification approaches have been discussed very clearly and are supported by a high level of academic research. These approaches are highly appropriate to the needs of the organisation. |
A comprehensive number of behaviour modification approaches have been discussed very clearly and are supported by very good academic research. These approaches are very appropriate to the needs of the organisation. |
A significant number of behaviour modification approaches have been discussed very well and are supported by good academic research. These approaches are appropriate to the needs of the organisation. |
A number of behaviour modification approaches have been discussed well and are supported by some academic research. These approaches are mostly appropriate to the needs of the organisation. |
Some behaviour modification approaches have been discussed and are supported by some limited academic research. Some of these approaches are mostly appropriate to the needs of the organisation. |
Very limited behaviour modification approaches have been discussed in a haphazard way but are not really supported by academic research. Some of these approaches are just about appropriate to the needs of the organisation. |
|
Alignment of proposed interventions with results from analysis. (10%) |
The behaviour modification approaches |
The behaviour modification approaches |
The behaviour modification approaches |
The behaviour modification approaches |
There is some limited attempt to ensure that the |
There is little if any attempt to ensure that any |
|
|
identified are very well aligned in a creative way with the results of the analysis. |
identified are well aligned with the results of the analysis. |
identified are clearly aligned with the results of the analysis. |
identified are mostly aligned with the results of the analysis. |
behaviour modification approaches identified are to a certain extent aligned with the results of the analysis. |
behaviour modification approaches identified are aligned with the results of the analysis. |
|
Discussion of “human” behaviour and characteristics in respect of the proposed solutions (e.g. do the proposed solutions address the complexities of the employees?) (20%) |
It is very clear that the solutions proposed for the organisation have addressed all of the needs of the employees (established in the analysis) in a creative way and there is an excellent level of |
It is very clear that the solutions proposed for the organisation have addressed most if not all of the needs of the employees (established in the analysis) and there is a very good level of |
It is clear that the solutions proposed for the organisation have addressed the needs of the employees (established in the analysis) and there is a good level of discussion of the human |
It is mostly clear that the solutions proposed for the organisation have addressed the needs of the employees (established in the analysis) and there is an appropriate level of discussion of |
Some of the solutions proposed for the organisation have addressed some of the needs of the employees (established in the analysis) and there is some level of discussion of the human |
Few if any of the solutions proposed for the organisation have addressed the needs of the employees (established in the analysis) and there is little if any discussion of the human |
|
|
discussion of the human characteristics of the scenario supported by some exemplary research. |
discussion of the human characteristics of the scenario supported by some very good research. |
characteristics of the scenario supported by some good research. |
the human characteristics of the scenario supported by some research. |
characteristics of the scenario supported by some limited research. |
characteristics of the scenario supported by some very limited research. |
|
Discussion of ethical issues (10%) |
||||||
|
Discussion of the ethical and morality issues of using human behaviour analysis and modification techniques within the organisation. |
Exemplary and perceptive discussion of the ethical issues that addresses all the pertinent points in the scenario. The discussion is underpinned using some |
A very good discussion of the ethical issues that addresses all the pertinent points in the scenario. The discussion is underpinned using some very good research. |
A good discussion of the ethical issues that addresses most if not all the pertinent points in the scenario. The discussion is underpinned using some good research. |
A mostly appropriate discussion of the ethical issues that addresses most of the pertinent points in the scenario. The discussion is underpinned using some |
Some appropriate discussion of the ethical issues that addresses some, but not all the pertinent points in the scenario. The discussion is underpinned using some mostly |
Limited discussion of the ethical issues that addresses some, but certainly not all the pertinent points in the scenario. The discussion is underpinned |
|
|
excellent research. |
|
|
appropriate research. |
appropriate research. |
using some limited research. |
Page
Appendix 1 – Scenario
Background
“All things fibre” was founded about 5 years ago by Pat and Maggie, 2 friends who met through their mutual love of spinning, weaving, knitting and crochet. They are both active members of their local WSD Guild. They have a shop and workshop space in a local craft centre that is home to other small businesses housed in small independent units. (see https://www.durhamdalescentre.co.uk/ for an example of the sort of set-up the business operates in). From the shop they sell spinning and weaving supplies and equipment, yarn and fleece for spinning etc. They also do a lot of business online, packaging and posting items from the inventory out to customers. They also run various courses from the shop with individuals or small groups (this also helps generate a lot of new customers). The business is doing well and has a lot of loyal customers who appreciate the friendly and personal touch they give to their clients. They also have an active Facebook page which they use to keep in-touch with customers and the customers have also turned the group into something of an online community, which has been especially useful since the lockdown. Since the Covid pandemic their business has been very busy with people taking up hobbies during the lockdowns and ordering online. The 2 owners complement each other well with their skills sets and take joint responsibility for the success of the business.
The business does NOT have either ISO27K or CyberEssentials certification.
Shop Employees
|
Employee/Role |
Background Information |
|
Pat (joint owner) |
Used to work as an NHS administrator but decided to follow her heart and set up the venture with Maggie. She is reasonably IT literate and is happy adding items to their online store and responding to emails etc. She is also reasonably aware of scams, frauds and the need to protect customers data through her former job. She also runs the spinning and knitting workshops, but can do others if needed. Pat is organised and mainly looks after the business admin side of things, but is equally happy working in the shop and running various courses that they offer. |
|
Maggie (joint owner) |
Used to work as a legal secretary but decided to follow her heart and set up the venture with Pat. She is reasonably IT literate and is happy adding items to their online store and responding to emails etc. She is also reasonably aware of scams, frauds and the need to protect customers data through her former job. She mainly runs the weaving and spinning workshops but can do others if needed. Maggie is very customer orientated and does most of the organisation of workshops but is also happy looking after the business admin side of things as well. |
|
Jill (part-time worker & workshop tutor) |
Jill retired from her job in a local supermarket at about the same time Pat & Maggie set up their business and knew them through the WSD Guild, and they offered her a part-time job. Jill has knitted all her life and is a very accomplished knitter and is excellent at running the knitting workshops as she easily builds a rapport with the clients. However, Jill is one of those lovely people who rather see the world through ‘rose tinted glasses’ and doesn’t really see harm in anyone and seems to think that everyone is as sweet and kind as she is. She can handle the till and face-to-face purchases |
|
|
perfectly well but is much less confident dealing with the online side of things. |
|
Katie (part-time worker & workshop tutor) |
Katie is a mother of 2 young school age children. Prior to having children she worked full time in a bank. She works part-time for the business to fit around the needs of her family. She always seems to be in a rush and dashes from work to school to pick up the children and again from school to work. She is very competent generally but has made a few errors dealing with orders in the past mostly due to always being in a hurry. On the whole though Pat and Maggie are pleased with her work and value her as a member of the team. She is quite comfortable with IT and generally looks after the social media side of the business as well as sorting out online orders, running the shop and workshops as needed. |
|
Dave (Pat’s husband who helps out with some IT work for the business) |
Dave is a computer analyst and helped set up the business’s wifi network and advises on the purchase of IT equipment for the business. He will step in if additional technical support is needed in the business. However, he is not a cybersecurity or network expert but has a lot of computing experience. |
|
Sam (runs a graphic design web development company in the next unit to Pat & Margaret) |
Sam runs his own business from the unit next door and built the ecommerce site for the business as well as designing the logo and business stationary for them. He did this job at “mates rates” and has built most of the systems used by the businesses in the craft centre. He is viewed as a friend and often pops round for a cup of tea and a chat when business is quiet. |
NONE of the above people are malicious or ‘bad actors’ in the scenario that follows.
Recent Events
Very recently the following events have happened:
1. Multiple linked incidents
- One Monday morning a nicely dressed middle aged woman comes into the shop and starts browsing the goods on display. Jill happens to be on duty that day and being the friendly person she is she approaches the customer and asks if she can help them. The customer starts admiring the lovely coloured fleeces and yarns on display and says she would love to be able to spin and knit. Jill tells her about the workshops available. The customer then says to Jill that she works in a lovely place surrounded by all this colour and creativity, Jill agrees and starts telling the customer all about how she came to be working there, how long she had been knitting for, what lovely employers Pat and Maggie are and how much she loves doing the knitting workshops. She says that the job is easy to fit around her family and grand-kids, whilst gesturing to the staff rota which is pinned up behind the till. The customer says that the business must have been doing well with people taking up new hobbies due to the lockdown, “Oh yes” says Jill “I don’t think we have been busier, we’re posting orders out all the time and our profits have increased a lot.” At this point Pat, who has been half listening to the conversation, interrupts and asks Jill to get something from the stock room. Pat asks the customer if she would like her to book them into a workshop, the customer says she will think about it and continues to look around the shop, leaving shortly after Jill returns from the stock room with the item Pat had requested. Jill asks where she should put the item and Pat says she didn’t really want the item but had only asked her to get it because she wanted her to stop talking to the customer and telling her too much about the business, particularly about the increasing profits. “Oh sorry” says Jill “you know what I’m like”, Pat sighs and says “yes I do” with a slightly exasperated smile. Later that day she tells Maggie about the incident and as they were near the counter PC pulls up the shop’s CCTV and points out the woman to Maggie – “there she is” says Pat, “there’s probably nothing in it, you know what Jill is like, but she did seem very interested in the business”.
- Maggie is working the next week and returns to shop to find the same person on the CCTV again chatting very enthusiastically to Jill. Jill is booking them onto a workshop and they are looking over her shoulder as she books them into the workshop. At that moment Sam
comes in for a cuppa and watches the interaction between the customer and Jill and when they leave he says to Maggie and Jill “you really need to be careful about letting someone look over your shoulder at the PC”, Jill replies, “Oh don’t worry, I’m a very good judge of character and she was just a very nice lady wanting to book onto a workshop. I’m very pleased she came back to see me again, see what good customer service does – another client for us”. Sam and Maggie exchange a “look” and Sam sighs, finishes his coffee and goes back to his unit.
- The next week they receive phone call from a “customer” asking for a refund on the top of the range spinning wheels worth over a £1000. Jill was scheduled to work that day but had swapped with Pat. The person specifically asked to talk to Jill, they were very plausible, all the names right, details about a workshop and who was delivering it et However, Pat became very suspicious as she didn’t remember selling one of the spinning wheels (they are very expensive and they don’t sell that many), she said she would be happy to refund the customer if they could bring in their receipt and the wheel, the customer started getting angry saying that Jill had sold them the wheel and that she had said if “it didn’t suit” they could bring it back, then they changed their story and said that the wheel was faulty and they wanted their money back. Pat stayed calm and said they would be happy to refund the customer if they could bring in or send them the faulty wheel. The customer then started threating to report the business to Trading Standards and to give them a bad review on Facebook if they didn’t refund them the money now. Pat, who was by now thoroughly annoyed by this so called “customer”, told them to “go right ahead” and put the phone down. After she had calmed down a little a thought entered into her head that she vaguely recognised the voice but couldn’t place it. However, they never saw the woman again in spite of her enthusiasm about the crafts of spinning and knitting.
- The following week Jill is quote “excited” as she has brought her “new” laptop into work. It is however not actually a “new” laptop at all. Jill explained that her 14 year old Grandson had got a new laptop for his birthday and he had decided to give his Gran his old one so that she could become more experienced with using the internet. He even cleaned the case and keyboard for her, so it looked quite smart. Her Grandson was a keen gamer and had lots of software on the machine which he hadn’t uninstalled. She was showing Maggie the laptop and asked if she could link the laptop to the business’s wifi and Maggie readily agreed as she wanted to be supportive of her employee becoming more confident using computers. She helped Jill switch on the laptop and went
to get the code for the wifi which was written on a piece of paper hidden under the till for “safe keeping”. As she was standing near Jill just about to read out the password the screen on the laptop started blinking and lines of strange letters and numbers flashed across the screen. Just at that moment Sam walked into the shop and saw the worried faces of the two women. Then a message filled the screen which said – “Gotcha now mate! Give us the password to your Minecraft account and you can have your laptop back”. Sam said “oh dear looks like you’ve been hacked Jill, I’ve got a mate who can probably sort this out if you like?”. Then he spots the wifi password in Maggie’s hand and says “you were just going to connect this to the wifi network weren’t you?”, Maggie nodded in agreement. He continued: “I think you are going to have to improve your cybersecurity processes Maggie before some serious damage is done here. If you had connected the laptop it could have taken out your whole system or even worse. As I said I’ve got a contact, so do have a think about it”.
- 2 days later Jill and Katie were looking after the shop and Jill was looking at the email orders they had received on the business’s iPad and a text message popped up:
“we’re expecting a delivery aren’t we she said to Katie?” just as she was about to click on the link. “stop”
Katie said urgently “it might be a scam, I’ve seen a lot of messages about this sort of scam on social media”. Just then Pat & Maggie walk in and Katie tells them what had just happened, it was a scam as they were not expecting a delivery that day.
Pat and Maggie look at each other and decide that ‘enough is enough’, there have been to many suspicious incidents and “close calls” and they recognise that they need more help to ensure that their business is more secure and that the whole team is more aware of cybersecurity. They decide to ask Sam to put them in touch with his contact who runs a small, reputable cybersecurity business to help them improve their resilience to these sorts of incidents. Sam’s contact specialises in helping and advising SMEs. It won’t be cheap, but given the number of incidents and “close calls” in the last few weeks they think it would be money well spent.
You are one of the cybersecurity experts employed by this business who is sent to work with All things Fibre and you need to write a report with recommendations for the business.
Part 1 - First of all you need to analyse these incidents using one of the cybersecurity behaviour analysis approaches we will look at in class in order to understand what happened and where the weaknesses in the organisation actually lie.
Part 2 - You then need to propose some policy, behaviour modification & education and training approaches that All things Fibre could put in place to prevent these types of incidents happening again.
Part 3 - You will also need to discuss the ethical issues that you have identified in the scenario. Is behaviour modification actually ethical, or is it a necessity from the perspective of a business? etc
Your recommendations should be proportionate to the size and complexity of the organisation e.g.
massively expensive technical solutions would not be appropriate to the business. I do NOT want to read about firewalls, network monitoring or any other technical solutions, we will take these as a “given”. It is your analysis of the human behaviour in these incidents and your suggestions about what the company can do that are important, and this is where the marks will be gained.
