Building a Security Awareness Program on an Organizational Level

Introduction: A Case Study

Liz Raymond finally had some peace and quiet in her office. The day had been quite chaotic, but now that there were only a few minutes left before a relaxing weekend and that all the financial reports had been completed and sent on time, the last thing she expected was an email from Mr. Evans, her company’s CEO.

During the two years since she had been appointed head of the accounting department, Liz had had little contact with Mr. Evans, who limited himself to praising the effectiveness with which she led the department. However, the message she received was not a complete surprise; after all, it was public knowledge that there were ongoing negotiations for acquiring yet another startup.

“Dear Liz,” said Mr. Evans’ email, “I need your help on a sensitive subject that requires the utmost urgency. We have just finished negotiating the startup deal. However, in order to guarantee the business, it is still necessary to pay $180,000.00 in advance. Could you please make the transaction as soon as possible and keep me informed? Also, until everything becomes official, I rely on your usual discretion to handle this matter with complete confidentiality. Here is the bank account for the transfer.”

It was only after hearing the mouse click confirming the transfer that another click happened within Liz’s mind. She started to notice the small inconsistencies in the message. Mr. Evans was extremely polite, but he had never used ‘Dear Liz’ before. Also, although his signature was correct, there was something odd about the email address. Was that a typo? After a few moments of hesitation, a quick call confirmed that the long-awaited weekend would not be relaxing at all.

Mr. Evans had no idea what this email was about, and no, …

This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Claudio Dodt.