You are here: Computer Attacks and Prevention > Subtopic 2 > Activities

Subtopic 2: Activities

Activity 2.1

This activity will familiarize students with the varied sources used by social engineering attackers. Students will analyze their findings, and present their conclusions.

Student Procedure

Pen and paper icon. Image credit: Texas A&M Department of Financial Aid, 
		  financialaid.tamu.edu Create a list of potentially sensitive information you throw away either at home or at work and identify whether a malicious individual could acquire this information.

Instructor Information

Activity level of difficulty: Beginner
Suggested teaching strategies: Instructor should lead students to identify important documents in their personal and professional lives and ask the students to explore the storage and disposition of these documents.
Assessment: Instructors should gauge the thoroughness and variety of information identified when performing their assessment of this student activity: Students should share their findings with classmates.

Activity 2.2

This activity will familiarize students with real world cases involving social engineering attacks. Students will perform research, analyze their findings, and present their conclusions.

Student Procedure

Research online to find an example of a company that was a victim of a social engineering attack. Write a brief synopsis of the event and its repercussions.





 

 

 

Instructor Information

Activity level of difficulty: Beginner
Suggested teaching strategies: Instructor could suggest current examples for students to research.
Assessment: Instructors should assess student success based on the quality of research performed and the timeliness of the case chosen.

Activity 2.3

This activity will familiarize students with real world corporate policies. Students will perform research, analyze their findings, and present their conclusions.

Student Procedure

Research a current acceptable use policy.
Explain how it does or does not address social engineering issues.

Instructor Information

Activity level of difficulty: Intermediate
Suggested teaching strategies: This activity requires students to do further research on their own. It will also incorporate critical thinking skills in order for the students to draw conclusions. Instructor may identify locations of current acceptable use policies for industry or their own institutions.
Assessment: Instructors should assess student success based on the quality of research performed and conclusions drawn.  Possible questions for students to answer include:

  • Is the destruction/disposition of sensitive information detailed in the policy?
  • Is the issue of user passwords addressed in the policy?
  • Is inappropriate access to data and information addressed in the policy?
  • Is email confidentiality addressed in the policy?