Resource Downloads
Google Slides | Microsoft PowerPoint | PDF Presentation
Injection
Your district’s finance director calls the helpdesk requesting a password reset.
Discussion Prompts
- Who can reset passwords?
- What is the process for verifying identity of callers requesting password resets?
- Is the process documented and followed by everyone who has access privileges for password resets?
Check Your Work
- Do you have a repeatable process for verifying the identity of callers?
- Is MFA push involved?
- Escalation procedure for “pushy” users.
- Correlate this request with other suspicious activity that occurred recently.