Rapport - capstoneASS2 1


CIS4913- CAPSTONE PROJECT 1

ASSIGNMENT 2

Development of Phishing Simulation Tool

Project Members :

XXXXX

Project Supervisor :

XXXXXX
Table of Contents
LIST OF FIGURES
Abstract
Introduction
Adopted Methodology
  1. Methodology Selection
  2. Project Goals
  3. Team Composition
  4. Project Size
  5. Justification
Analysis
  1. System Requirements/Constraints
    1.1. Functional Requirements
    1.2. Non-Functional Requirements
  2. Constraints
  3. Stakeholder Perspectives
    3.1. Tool Admin
    3.2. Employees
  4. Diagrams Representing the phishing simulation tool system
    4.1. Use Case Diagram/Product Backlog
      4.1.1. Use case diagram
      4.1.2. Product Backlog
    4.2. Use Case Descriptions
    4.3. System Sequence Diagrams
    4.4. Activity Diagrams
    4.5. Domain Class Diagram
Time management
  1. Work Breakdown Structure (WBS)
  2. Network Diagram
  3. PERT Estimates
  4. Project Schedule Baseline
  5. Gantt Chart
Cost management
  1. Cost Estimation Techniques
  2. Resource sheet
  3. Cost sheet
  4. Cost overview report
Risk management
Discussion/Reflection
References

LIST OF FIGURES

Figure 1 : Use case diagram for the phishing simulation tool
Figure 2 : System Sequence Diagram (SSD): Phishing Simulation Tool
Figure 3 : Activity Diagram
Figure 4 : Domain Class Diagram
Figure 5 : WBS Structure
Figure 6 : Network Diagram
Figure 7 : Gantt Chart
Figure 8 : Resource Overview
Figure 9 : Task Cost Overview

LIST OF TABLES

Table 1 : PERT Estimates Table
Table 2 : Project Schedule Baseline
Table 3 : Resource Sheet
Table 4 : Cost Sheet
Table 5 : Risk Management Table

Abstract

In an era marked by relentless digital transformation, cybersecurity stands as the vanguard
against an ever-evolving arsenal of threats. Phishing attacks, in particular, have emerged as a
formidable adversary, continually outwitting traditional defenses. This project sets its sights on
fortifying the digital realm by harnessing the power of Agile methodology, specifically Scrum.
Driven by the urgent need to counter the escalating threat of phishing attacks, our three-member
team embarks on a mission to craft a cutting-edge Phishing Simulation Tool. Agile, with its
hallmark adaptability and collaboration, becomes our guiding light in this endeavor.
Our journey is a testament to Agile's versatility. With its iterative nature, we can pivot swiftly to
address emerging challenges as phishing tactics evolve. As we forge ahead, our objectives come
into sharp focus: refining user needs, crafting a resilient project plan, and pinpointing areas
requiring reinforced cybersecurity training.
Our project plan is meticulously crafted, encompassing schedules, cost estimates, and a
comprehensive risk register. These strategic elements, meticulously designed with Agile
principles in mind, form the bedrock of our approach. The tool will not merely simulate phishing
attacks, it will serve as a sentinel, offering insights that empower organizations to bolster their
defenses. Agile principles shape our development, ensuring a nimble response to dynamic
requirements.

Keywords: Phishing Simulation Tool, Cybersecurity Awareness, Agile Methodology, Scrum,
Employee Training, Schedules, Cost Estimates, Risk Register, Python Development,
Vulnerability Assessment, Organizational Resilience.

Introduction

This document represents a pivotal juncture in our ongoing mission to develop a cutting-edge
Phishing Simulation Tool, fortified by the principles of Agile methodology, specifically Scrum.
Building on the foundation laid in prior phases, where we established the project's significance
and motivations, this phase propels us into the realm of detailed planning and strategic execution.
In this document, our primary objectives are clear:
1. Select the Development Methodology: We embark on a journey to determine the most fitting
development methodology, anchoring our project's success. Agile, with its adaptability and
collaboration, emerges as our chosen path to navigate the complexities of cybersecurity.
2. Refine and Specify User Needs: With precision, we delve into the specifics of user
requirements, guided by a standard system analysis framework. We dissect the intricacies of our
tool, ensuring it aligns seamlessly with the ever-evolving landscape of cybersecurity awareness
and preparedness.
3. Define the Project Plan: A meticulously crafted project plan unfolds, complete with
schedules, cost estimates, and a comprehensive risk register. This blueprint serves as our
roadmap, ensuring a steady and resilient journey toward our project's fruition.
4. Communication and Professionalism: As stewards of this vital cybersecurity endeavor, we
embrace the responsibility of effective communication. We engage with multiple audiences,
from stakeholders and team members to faculty mentors and clients, with professionalism and
clarity.
The significance of this document is not confined to its immediate tasks but extends to the
broader mission of bolstering cybersecurity awareness, resilience, and preparedness. It is an
integral step on our path to developing a tool that empowers organizations to navigate the
treacherous waters of phishing attacks with confidence.

Adopted Methodology

1. Methodology Selection:

For the development of our Phishing Simulation Tool, we have carefully chosen the Agile
methodology. This decision reflects a strategic alignment of our project goals, team composition,
and the dynamic nature of cybersecurity challenges.

2. Project Goals

The primary objective of our project is to develop a responsive and adaptable Phishing
Simulation Tool that can effectively address the evolving threat landscape of phishing attacks.
Agile methodologies, renowned for their flexibility and iterative approach, align perfectly with
our goal of creating a tool that can rapidly respond to changing requirements and emerging
security threats.

3. Team Composition:
With a three-member team, communication and collaboration are paramount. Our team consists
of:
- Ms. Alyazia Abdualla Alameri: Project Manager, responsible for overall project
coordination, stakeholder communication, and ensuring the project aligns with its objectives.

- Ms. Bakhita Mohammed Alshamsi: Cost Manager/Configuration Manager, overseeing cost
estimation, resource management, and configuration control.

- Ms. Hessa Khalifa Almansoori: Risk Manager/Tester, responsible for identifying and
managing project risks, as well as conducting testing activities.

Each team member plays a distinct role, contributing their unique skills and expertise to the
project's success.

4. Project Size:
While our project's scope is substantial, it's crucial to maintain a balance between thoroughness
and agility. Agile methodologies, with their incremental and iterative approach, allow us to
manage complexity effectively. We can start with a core set of features and progressively refine
and expand our tool based on user feedback and emerging security insights.

5. Justification:

The selection of the Agile methodology, particularly Scrum, is justified by its capacity to address
the inherent challenges of our project. Cybersecurity is an ever-evolving field, and our tool's
success hinges on its ability to adapt swiftly to new threats and provide organizations with up-to-
date phishing simulations.
Furthermore, Scrum's emphasis on stakeholder collaboration aligns with our commitment to
maintaining a constant dialogue with clients and end-users, ensuring that our tool meets their
evolving needs.
In conclusion, our choice of the Agile methodology, specifically Scrum, reflects a well-
considered decision that places adaptability, collaboration, and responsiveness at the core of our
project's development process. It is a methodology that empowers us to navigate the complex
landscape of cybersecurity with confidence.

Analysis

1. System Requirements/Constraints:
1.1. Functional Requirements:

- Phishing Simulation:
  - The tool must be capable of simulating various types of phishing attacks, including email-based, web-based, and social engineering attacks.
  - Users must be able to specify the targets and recipients for each simulation.
- Tracking and Logging:
  - The tool should log all interactions and responses generated during the phishing simulations.
  - It must be capable of storing logs locally on the user's machine or remotely on a hosted HTTPS server.
  - Logs should include details such as user actions and email responses.
- Data Analysis and Reporting:
  - The tool should provide data analysis capabilities, allowing users to examine server logs and identify trends or patterns.
  - Admin should be able to generate reports based on the analysis, summarizing the success rates and effectiveness of phishing simulations.
- User Interface:
  - The tool must offer an easy-to-use, terminal-based interface that requires minimal technical expertise.
  - It should provide clear and intuitive options for setting up, running, and monitoring phishing simulations.
- Integration with Email Systems:
  - The tool should seamlessly integrate with email systems to send simulated phishing emails.
  - Coordination with the organization's IT department should be supported to facilitate access to employee email addresses.
- Resource Utilization:
  - The tool should have minimal resource requirements, ensuring it can run efficiently on standard computer systems capable of running Python scripts.

1.2. Non-Functional Requirements:

- Performance:
  - The tool should respond to user inputs promptly, with simulations running efficiently and with low latency.
- Security:
  - All data related to the simulation, including logs and user information, must be encrypted and stored securely.
  - The tool should not have vulnerabilities that could be exploited by malicious actors.
- Scalability:
  - The tool must be capable of handling a growing number of simulations and logs.
  - It should scale seamlessly when more resources are added.
- Usability:
  - The tool's interface should be user-friendly and intuitive, requiring minimal training for users.
  - It should include clear error messages and guidance for troubleshooting.
- Flexibility:
  - The tool should offer both local and hosted HTTPS server options, providing flexibility in deployment.
  - It should support customization of phishing scenarios to meet different simulation needs.
- Cost-Effectiveness:
  - The tool's resource requirements should be minimal, ensuring cost-effective deployment and operation.

2. Constraints:

- Access to Employee Email Addresses:
  - Successful execution of phishing simulations relies on access to employee email addresses.
  - The tool must coordinate with the organization's IT department to ensure proper authorization and access to email accounts.
- Regulatory Compliance and Legal Responsibility:
  - The tool must adhere to all relevant legal and regulatory requirements, especially concerning data protection and privacy.
  - Legal and ethical constraints should guide the use of the tool to prevent misuse and ensure responsible usage.
- Operational and Security Considerations:
  - Security constraints are paramount to mitigate risks, given that the tool simulates phishing scenarios. Security best practices must be followed to protect against vulnerabilities and attacks.

3. Stakeholder Perspectives:
3.1. Tool Admin:

- Responsibilities: The admin continues to be responsible for setting up, managing, and analyzing the phishing simulations.
- Needs and Expectations: The tool admin needs a user-friendly terminal interface for easy configuration and management of simulations. They expect the tool to provide detailed logs and reports to assess the effectiveness of simulations. Additionally, they require support and coordination with the IT department to access employee email addresses securely.

3.2. Employees:

- Responsibilities: Employees' primary responsibility is to interact with the emails they receive, just as they would with regular emails, without prior knowledge that these are simulated.
- Needs and Expectations: Employees need to be informed about the purpose and outcomes of the simulations after their completion. They expect:
  - Clear communication about the nature and goals of the simulations, including that they were part of a cybersecurity awareness exercise.
  - Assurance that their interactions with simulated emails will not have adverse consequences.

4. Diagrams Representing the phishing simulation tool system

4.1. Use Case Diagram/Product Backlog:


4.1.1. Use case diagram

The Use Case Diagram offers a high-level overview of our tool's functionality by depicting
interactions between actors (administrators, employees) and the system. It helps us visualize
how users interact with the tool. Additionally, the Product Backlog contains a prioritized list
of user stories derived from the use cases. These user stories capture specific features and
functionalities, guiding our development process.

Figure 1 : Use case diagram for the phishing simulation tool


4.1.2. Product Backlog

Product Backlog for Administrator:

- Download and Launch Tool: The administrator needs to download and launch the phishing simulation tool for setup.
- Select Email Recipient List: Admins should be able to choose a list of employee email addresses for simulation purposes, obtained from the IT department.
- Choose Phishing Template: Admins need the capability to select phishing templates or scenarios for simulations.
- Initiate Phishing Simulation: Admins should be able to start phishing simulations, specifying parameters like target recipients and campaign details.
- Stop Phishing Simulation: The administrator needs the ability to stop ongoing phishing simulations when required.
- Generate Weaknesses Report: Admins must be able to generate reports based on simulation results to identify weaknesses and areas for improvement.

Product Backlog for Employee (Participant):

- Interact with Simulated Email: Employees need to interact with simulated phishing emails naturally, without prior knowledge of them being simulations.
- Ignore Simulated Email: Employees should have the option to ignore or not interact with the simulated emails.
- Report Simulated Email: Employees need a clear mechanism to report simulated emails if they suspect phishing attempts.
- Click on Simulated Email (Be Phished): Employees may click on simulated emails, initiating a simulated phishing scenario.

These user stories capture the primary tasks and actions that both administrators and employees
need to perform when using the phishing simulation tool.

4.2. Use Case Descriptions

- Download and Launch Tool:
  - Preconditions: The administrator has access to a computer with internet connectivity and sufficient permissions to download and execute the tool.
  - Main Flow:
    1. The administrator accesses the tool's download link.
    2. The administrator downloads the tool to their computer.
    3. The administrator launches the tool.
  - Postconditions: The tool is successfully downloaded and launched on the administrator's computer.

- Select Email Recipient List:
  - Preconditions: The administrator has logged into the tool and has obtained the list of employee email addresses from the IT department.
  - Main Flow:
    1. The administrator logs into the tool.
    2. The administrator selects the option to configure a new phishing campaign.
    3. The administrator uploads or inputs the list of email addresses.
    4. The administrator confirms the recipient list.
  - Postconditions: The tool has stored the selected email recipient list for the upcoming phishing simulation.

- Choose Phishing Template:
  - Preconditions: The administrator is logged into the tool and is configuring a new phishing campaign.
  - Main Flow:
    1. The administrator accesses the available phishing templates.
    2. The administrator selects a suitable phishing template or scenario.
    3. The administrator customizes template details if necessary.
    4. The administrator confirms the template selection.
  - Postconditions: The chosen phishing template is associated with the campaign configuration.

- Initiate Phishing Simulation:
  - Preconditions: The administrator has configured a phishing campaign, including the recipient list and phishing template.
  - Main Flow:
    1. The administrator starts the phishing simulation.
    2. The tool sends simulated phishing emails to the specified recipients.
    3. The tool tracks interactions and responses during the simulation.
  - Postconditions: The phishing simulation is initiated, and the tool begins monitoring interactions.

- Interact with Simulated Email:
  - Preconditions: Employees have received simulated phishing emails in their inboxes.
  - Main Flow:
    1. Employees receive and interact with the simulated emails as they would with regular emails.
    2. Employees may choose to ignore the email, report it, or click on it based on their responses.
  - Postconditions: Employees have interacted with the simulated emails, and their responses are tracked by the tool.

- Stop Phishing Simulation:
  - Preconditions: The phishing simulation is ongoing and has not reached its scheduled end time.
  - Main Flow:
    1. The administrator accesses the tool's control panel.
    2. The administrator selects the option to stop the ongoing phishing simulation.
    3. The tool concludes the simulation and stops further interactions.
  - Postconditions: The phishing simulation is halted, and no further interactions occur.

- Generate Weaknesses Report:
  - Preconditions: The phishing simulation has been completed, and interaction data is available.
  - Main Flow:
    1. The administrator accesses the tool's reporting section.
    2. The administrator initiates the generation of a weaknesses report.
    3. The tool analyzes simulation results and generates a report highlighting weaknesses and areas for improvement.
  - Postconditions: A report summarizing weaknesses and areas for improvement based on simulation results is available for review.

These use case descriptions provide a detailed understanding of each use case's steps, conditions,
and outcomes, serving as a foundation for the development and testing of our phishing
simulation tool.
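
The "Generate Weaknesses Report" use case, together with the ignore/report/click outcomes tracked during a simulation, can be sketched as follows. This is an added example, not the project's own code: the JSON-lines log format, the field names, the thresholds and every sample record are constructed assumptions, and results are aggregated per department rather than per person.

```python
import json
from collections import defaultdict

VALID_EVENTS = {"sent", "clicked", "reported"}

# Constructed sample log (JSON lines). "recipient" is an opaque ID, not an
# email address; the schema is an assumption made for this example.
SAMPLE_LOG = """\
{"recipient": "r01", "dept": "finance", "event": "sent"}
{"recipient": "r02", "dept": "finance", "event": "sent"}
{"recipient": "r03", "dept": "finance", "event": "sent"}
{"recipient": "r04", "dept": "finance", "event": "sent"}
{"recipient": "r05", "dept": "hr", "event": "sent"}
{"recipient": "r06", "dept": "hr", "event": "sent"}
{"recipient": "r07", "dept": "hr", "event": "sent"}
{"recipient": "r08", "dept": "it", "event": "sent"}
{"recipient": "r01", "dept": "finance", "event": "clicked"}
{"recipient": "r01", "dept": "finance", "event": "clicked"}
{"recipient": "r02", "dept": "finance", "event": "clicked"}
{"recipient": "r02", "dept": "finance", "event": "reported"}
{"recipient": "r03", "dept": "finance", "event": "reported"}
{"recipient": "r05", "dept": "hr", "event": "reported"}
{"recipient": "r06", "dept": "hr", "event": "reported"}
{"recipient": "r08", "dept": "it", "event": "clicked"}
{"recipient": "r99", "dept": "hr", "event": "clicked"}
this line is truncated {"recipient":
"""


def parse_events(text):
    """Return (events, skipped): well-formed records and the count of rejected lines."""
    events, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        ok = (isinstance(rec, dict)
              and all(isinstance(rec.get(k), str) and rec[k]
                      for k in ("recipient", "dept", "event"))
              and rec["event"] in VALID_EVENTS)
        if ok:
            events.append(rec)
        else:
            skipped += 1
    return events, skipped


def summarize(events):
    """Aggregate per department; each recipient counts at most once per outcome."""
    sent = {}  # recipient -> dept, taken from "sent" records only
    for e in events:
        if e["event"] == "sent":
            sent[e["recipient"]] = e["dept"]
    clicked, reported, orphans = set(), set(), 0
    for e in events:
        if e["event"] == "sent":
            continue
        if e["recipient"] not in sent:
            orphans += 1  # interaction with no matching delivery: keep out of the rates
            continue
        (clicked if e["event"] == "clicked" else reported).add(e["recipient"])
    report = defaultdict(lambda: {"sent": 0, "clicked": 0, "reported": 0, "ignored": 0})
    for rcpt, dept in sent.items():
        row = report[dept]
        row["sent"] += 1
        row["clicked"] += rcpt in clicked      # click-then-report counts in both columns
        row["reported"] += rcpt in reported
        row["ignored"] += rcpt not in clicked and rcpt not in reported
    for row in report.values():
        row["click_rate"] = round(row["clicked"] / row["sent"], 3)
        row["report_rate"] = round(row["reported"] / row["sent"], 3)
    return dict(report), orphans


def weak_areas(report, click_threshold=0.3, min_sample=3):
    """Departments at or above the click threshold, worst first; tiny samples are excluded."""
    flagged = [(d, r["click_rate"]) for d, r in report.items()
               if r["sent"] >= min_sample and r["click_rate"] >= click_threshold]
    return sorted(flagged, key=lambda x: (-x[1], x[0]))


if __name__ == "__main__":
    events, skipped = parse_events(SAMPLE_LOG)
    report, orphans = summarize(events)
    for dept, row in sorted(report.items()):
        print(dept, row)
    print("skipped lines:", skipped, "| orphan interactions:", orphans)
    print("needs reinforced training:", weak_areas(report))
```
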

4.3. System Sequence Diagrams:

The System Sequence Diagrams illustrate the sequence of interactions between actors
(administrators, employees) and the system for selected use cases. Each SSD shows the
messages exchanged during these interactions, providing insight into the system's behavior.
These diagrams help us visualize the flow of information and actions in our tool.

Figure 2 : System Sequence Diagram (SSD): Phishing Simulation Tool

4.4. Activity Diagrams:

Activity Diagrams model the workflow of critical processes within our phishing simulation
tool, helping us understand and optimize internal processes. These diagrams enable us to
analyze and improve the efficiency of our tool's operations.

Figure 3 : Activity Diagram

4.5. Domain Class Diagram:

The Domain Class Diagram presents a holistic view of the core entities and their relationships
within our system. It identifies main classes, attributes, associations, and multiplicity. This
diagram is a valuable reference for understanding the structure of our tool and the connections
between various entities.

Figure 4 : Domain Class Diagram

Time management

1. Work Breakdown Structure (WBS):

The Work Breakdown Structure is a critical component of project planning that breaks down
the project into smaller, more manageable tasks. In our project, we created a comprehensive
WBS. It allowed us to organize the project's tasks hierarchically, starting from high-level
phases and drilling down to specific activities. This structure serves as the foundation for the
entire project management process, enabling effective task assignment, resource allocation,
and tracking.

Figure 5 : WBS Structure

2. Network Diagram:
The Network Diagram is a visual representation of task dependencies in our project. By
utilizing MS Project, we constructed a network diagram that illustrates the sequence of tasks,
highlighting their interrelationships and dependencies. This visual tool aids in understanding
the flow of the project and identifying critical path tasks, which are essential for meeting
project deadlines.

Figure 6 : Network Diagram

3. PERT Estimates:
For estimating task durations, we employed the Program Evaluation and Review Technique
(PERT). PERT estimates are based on three time scenarios: optimistic (O), most likely (M), and
pessimistic (P).
Using a mathematical relationship, we calculated the Expected Time (TE) as (O + 4M + P) /
6. This approach provides a range of possible durations, considering various scenarios and
uncertainties, contributing to a more robust project schedule.
Table 1 : PERT Estimates Table

| Task | Estimated Duration | Optimistic (PERT) | Most Likely (PERT) | Pessimistic (PERT) |
|---|---|---|---|---|
| Project Initiation | | | | |
| - Define project objectives and scope | 2 weeks | 1 week | 2 weeks | 3 weeks |
| - Gather project requirements | 2 weeks | 1 week | 2 weeks | 3 weeks |
| - Assemble the project team | 1 week | 3 days | 1 week | 2 weeks |
| - Develop the project charter | 1 week | 3 days | 1 week | 2 weeks |
| Planning | | | | |
| - Create the project schedule and timeline | 3 weeks | 2 weeks | 3 weeks | 4 weeks |
| - Identify and manage project risks | 2 weeks | 1 week | 2 weeks | 3 weeks |
| - Define the project's scope and objectives | 2 weeks | 1 week | 2 weeks | 3 weeks |
| - Develop a communication plan | 2 weeks | 1 week | 2 weeks | 3 weeks |
| Development | | | | |
| - Develop the Python-based phishing tool | 8 weeks | 6 weeks | 8 weeks | 10 weeks |
| - Develop the terminal-based UI | 2 weeks | 1 week | 2 weeks | 3 weeks |
| - Conduct testing and quality assurance | 2 weeks | 1 week | 2 weeks | 3 weeks |
| Configuration and Setup | | | | |
| - Configure the tool for different scenarios | 4 weeks | 3 weeks | 4 weeks | 5 weeks |
| - Coordinate with IT department | 2 weeks | 1 week | 2 weeks | 3 weeks |
| Simulation | | | | |
| - Execution | 6 weeks | 4 weeks | 6 weeks | 8 weeks |
| - Monitoring | 2 weeks | 1 week | 2 weeks | 3 weeks |
| - Reporting | 2 weeks | 1 week | 2 weeks | 3 weeks |
| Project Closure | | | | |
| - Evaluate project success | 1 week | 3 days | 1 week | 2 weeks |
| - Document lessons learned | 1 week | 3 days | 1 week | 2 weeks |
| - Provide project closure reports | 1 week | 3 days | 1 week | 2 weeks |

4. Project Schedule Baseline:


The Project Schedule Baseline is a snapshot of the project's planned schedule at a specific
point in time. It represents the approved, time-phased project schedule, including start and
finish dates for each task. By generating this baseline in MS Project, we established a
reference point against which we could measure project progress. It also served as the
foundation for monitoring and controlling the project's timeline.

Table 2 : Project Schedule Baseline

5. Gantt Chart:

Our project's Gantt Chart was created using MS Project to visualize the project schedule,
including task start and end dates, dependencies, and task relationships. This dynamic chart
offered an excellent tool for project communication and monitoring. It allowed us to track
task progress, manage resources, and make adjustments to ensure the project stayed on schedule.

Figure 7 : Gantt Chart

These tools and techniques, along with the use of MS Project, played a crucial role in
effective time management and project planning, enabling us to complete the Phishing
Simulation Tool project within the defined 90-day timeline while accounting for
uncertainties and risks.

Cost management

In the realm of project management, cost management holds a critical position, guiding the allocation of
financial resources and ensuring that projects remain on budget. In the following sections, we outline the
techniques and methodologies employed in our Phishing Simulation Tool project to estimate, track, and
control costs. This chapter sheds light on our approach to financial management, providing a clear
perspective on how we maintained fiscal prudence while delivering value to our stakeholders.

1. Cost Estimation Techniques


In the development of the Phishing Simulation Tool, we employed a combination of cost estimation
techniques to ensure accurate and realistic cost projections. These techniques played a crucial role in
shaping the project's budget and resource allocation. Below, we elaborate on how each technique was
applied and their respective impacts on cost estimation.

Top-Down Estimating:

Top-down estimating was utilized in our project to provide a high-level overview of the estimated costs.
This technique allowed us to quickly assess the feasibility of the project and establish initial budgetary
benchmarks. While top-down estimating offered a rapid estimation process, it is important to note that it
provides a broader and less detailed view of costs. Therefore, its primary role in our context was to serve
as a preliminary benchmark against which detailed cost estimates could be compared. This approach was
particularly beneficial in the early stages of the project when comprehensive information was limited.

Parametric Estimating:

Parametric estimating was a valuable technique employed, especially when historical data and relevant
statistical information were available. Our project leveraged mathematical models that considered various
project parameters, such as project size, complexity, and scope, to generate cost estimates. This method
offered a more data-driven and accurate projection of costs, making it particularly advantageous for
specific aspects of the Phishing Simulation Tool. Parametric estimating allowed us to account for various
variables and intricacies within the project, resulting in more precise cost estimates.

Bottom-Up Estimating:

The bottom-up estimating technique was extensively used in our project to provide a detailed and
granular breakdown of costs. It involved estimating the costs of individual project components, which
were then aggregated to determine the total project cost. While this approach required more time and
effort due to the need for detailed information, it ensured a comprehensive understanding of cost
allocation. Bottom-up estimating was particularly instrumental in assessing the costs of various project
phases, such as tool development, interface creation, and testing. By breaking down costs to this level of
detail, we were able to accurately identify budgetary requirements for each project aspect.

The integration of these cost estimation techniques allowed us to create a well-informed cost management
strategy for the Phishing Simulation Tool project. This approach ensured that we had a clear
understanding of potential cost drivers, feasible budgetary limits, and a solid foundation for resource
allocation throughout the project's lifecycle. It is worth noting that our approach to cost estimation was
dynamic, adapting to the evolving needs and scope of the project as it progressed. This flexibility in cost
estimation techniques was instrumental in maintaining cost control and project success.

2. Resource sheet

The effective management of project resources is integral to cost estimation and control. Below, you'll
find our Project Resource Sheet, which outlines the key personnel and their respective roles within the
Phishing Simulation Tool project. These dedicated individuals played pivotal roles in its execution, and
their expertise and commitment were essential in ensuring the project's success.

Table 3: Resource Sheet

3. Cost sheet

Cost tracking and estimation are vital components of project management. The Cost Sheet section delves
into the financial details of the Phishing Simulation Tool project. Each task within the project is
meticulously assessed, providing a clear picture of the resources required and the associated costs. This
Cost Sheet serves as a valuable resource for understanding the budgetary aspects of the project.

Table 4: Cost Sheet

4. Cost overview report

The Cost Overview Report, generated using MS Project, provides a comprehensive view of project
expenses. It encompasses two key perspectives: Resources Overview and Task Cost Overview. The
Resources Overview figure illustrates the allocation and utilization of resources, revealing real-time cost
data. Meanwhile, the Task Cost Overview figure presents a breakdown of top-level tasks, their associated
costs, and work-related metrics. Together, these reports enable effective monitoring and control of project
finances, ensuring the project stays on budget and on track.

Figure 8: Resource Overview

Figure 9: Task Cost Overview

Risk management

In the realm of cybersecurity and project management, risk management is an indispensable tool. The
Phishing Simulation Tool project recognizes the significance of identifying, evaluating, and mitigating
risks to ensure the successful execution of the project. This section is dedicated to the comprehensive risk
management approach adopted by our project team.

Cybersecurity risks are dynamic and ever-evolving. To safeguard the project's objectives and maintain a
resilient security posture, we continually monitor and adapt our risk management strategies. Our
commitment to mitigating risks ensures that the project remains on track and aligned with its goals.

Within this section, we will delineate the specific risks identified, assess their potential impact, and
outline a well-considered plan to address and mitigate these risks effectively. Our proactive approach to
risk management empowers us to navigate the project's complexities and deliver it successfully within the
defined parameters.

Table 5: Risk Management Table

| Risk ID | Cause | Risk | Effect | Category | Probability (P) | Impact (I) | Risk Exposure (P*I) | Risk Response Plan |
|---|---|---|---|---|---|---|---|---|
| RM-01 | Insufficient employee cooperation | During the simulation, some employees may not fully cooperate with the phishing simulation, compromising its effectiveness. | Reduced employee awareness, increased susceptibility to real-world phishing attacks. | Human | 3 | 4 | 12 | Regular communication with employees to create awareness and ensure cooperation. Conduct training sessions to emphasize the importance of the simulation for cybersecurity. Implement a reporting and feedback mechanism to address employee concerns. |
| RM-02 | Tool malfunctions or technical issues | Technical glitches in the simulation tool may disrupt simulations, impacting the learning experience. | Decreased training effectiveness, potential resource wastage. | Technical | 2 | 5 | 10 | Regularly update and maintain the tool to prevent technical glitches. Establish a dedicated technical support team to address issues promptly. Implement automated system checks before and during simulations. |
| RM-03 | Data breaches or unauthorized access | Unauthorized access to sensitive data during simulations may lead to breaches and potential data leaks. | Data compromise, legal and reputational damage. | Security | 3 | 4 | 12 | Employ robust encryption and security measures to protect sensitive data. Regularly audit and monitor system access. Develop an incident response plan for rapid mitigation in the event of a breach. |
| RM-04 | Inadequate email address coordination | Poor coordination with the IT department in acquiring email addresses may lead to delays and inefficiencies. | Delayed project timelines, possible confusion. | Operational | 3 | 3 | 9 | Maintain open communication with the IT department to ensure smooth coordination. Establish clear protocols for acquiring email addresses. Implement automated validation checks for email lists. |
| RM-05 | Delays in tool development or configuration | Delays in the development or configuration phases may impact project timelines and resource allocation. | Extended project duration, resource inefficiencies. | Technical | 2 | 4 | 8 | Implement an agile project management approach for flexibility and quicker adjustments. Allocate adequate resources to the development and configuration phases. Regularly review and update the project schedule. |
| RM-06 | Inadequate employee training and awareness | A lack of training and awareness among employees may hinder their ability to identify phishing attempts. | Increased susceptibility to real-world phishing attacks, potential data breaches. | Human | 4 | 3 | 12 | Conduct comprehensive training sessions for employees on identifying phishing attempts. Regularly share educational material and awareness campaigns. Encourage employees to report suspicious activities. |
| RM-07 | Scope creep, leading to project expansion | Uncontrolled scope changes may result in project expansion, impacting project timelines and resources. | Extended project duration, potential resource inefficiencies. | Scope | 2 | 4 | 8 | Establish strict change control procedures. Document and evaluate all change requests. Ensure any scope changes align with project objectives and priorities. |
| RM-08 | Insufficient team availability or resource allocation | Inadequate team availability or resource allocation may disrupt project progress. | Extended project duration, resource inefficiencies. | Resource | 3 | 3 | 9 | Regularly monitor resource allocation and adjust as necessary. Implement a resource management system to balance workloads. Cross-train team members to fill resource gaps. |
| RM-09 | Technical incompatibilities with employee systems | Technical incompatibilities with employee systems may hinder the simulation's effectiveness. | Reduced training quality, potential resource wastage. | Technical | 3 | 4 | 12 | Survey and evaluate employee systems for compatibility before simulations. Develop system requirements and provide guidance for employees to ensure compatibility. Establish a dedicated support channel for system-related issues. |

Discussion/Reflection

Alyazia Abdualla Alameri - Project Manager:

As the Project Manager, I've played a central role in our Phishing Simulation Tool project. My
responsibilities have spanned from coordinating the team to ensuring seamless communication among
stakeholders. Throughout this journey, my primary focus has been on aligning the project's objectives
with our actions. I've been the driving force behind our project's strategic planning, guiding us toward our
shared goals.

Bakhita Mohammed Alshamsi - Cost Manager/Configuration Manager:

I am Bakhita Mohammed Alshamsi, and my dual role as the Cost Manager and Configuration Manager
has been instrumental in the project's success. In the realm of cost management, I've meticulously
overseen financial aspects, estimated project costs, managed resources, and maintained control over the
project's configuration. My goal has been to ensure that our project remains on a solid financial footing
and maintains an organized structure throughout its development.

Hessa Khalifa Almansoori - Risk Manager/Tester:

I'm Hessa Khalifa Almansoori, the Risk Manager and Tester for our project. My contributions have
encompassed diverse responsibilities. I've been focused on identifying and managing potential project
risks, ensuring the reliability and security of our Phishing Simulation Tool, and conducting rigorous
testing activities. My role is dedicated to safeguarding our project against unforeseen threats, helping to
secure its success.

Together, as a cohesive team, we've embarked on an exciting journey to create an innovative Phishing
Simulation Tool. Our project is not just another cybersecurity initiative; it's a proactive defense against
the growing menace of phishing attacks.

Our project's foundation lies in the intricacies of project management. We've effectively utilized various
techniques and tools, ensuring that our project remains organized and well-structured. From creating a
comprehensive work breakdown structure to employing techniques like PERT estimates and network
diagrams, we've crafted a detailed project schedule that ensures efficiency and precision.

