Suppose that you work for Barclays, PayPal, Visa, or any other major organization that is vulnerable to phishing. (It will be easier to answer this question if you choose an organization for which you are a customer.)

a. Using the information in this chapter, write a single-page memo that describes the phishing threat to your company and explains why the threat is difficult for the company to address.

b. List possible actions, if any, that your company can take to eliminate the phishing threat.

c. List possible actions that your company can take to lessen the consequences of the phishing threat.

d. Write a specific policy that you think your organization should take concerning phishing.

e. Suppose you manage your company’s customer help desk. Describe a procedure for the helpdesk employees to take when a customer reports a phishing attack.

f. Describe the elements of a phishing incidentreporting system for your company. LO.1