
Month: January 2023

WMI Management’s Different Flavours

Posted on January 31, 2023 by Marbenz Antonio


WMI is considered a valuable tool for system administrators, allowing management of Windows workstations, interaction with Microsoft products like Configuration Manager, monitoring of server resources, and more. Microsoft will explore various WMI usage options with PowerShell. By the end, you will understand when to use each method and may not have a clear favorite.

The Ways

There are three tools for managing WMI I want to share with you.

  • The System.Management namespace.
  • The WMI Scripting API.
  • The CIM cmdlets.

The WMI cmdlets such as Get-WmiObject are not discussed today, for two reasons: they are only available in Windows PowerShell, and the System.Management namespace offers similar functionality. If you haven’t tried PowerShell 7 yet, giving it a try is highly recommended.

The Procedure

Microsoft aims to address common tasks encountered in administering Windows devices, including:

  • Querying.
  • Calling a WMI Class method.
  • Creating, Updating, and Deleting a WMI Class Instance.
  • Bonus: Creating, Populating, and Deleting a custom WMI Class.

Microsoft also aims to demonstrate the advantages and disadvantages of each method and highlight where one method excels over the others.

The System.Management Namespace

If Microsoft had to choose, their favorite would be this method. It brings an object-oriented approach to WMI and makes WMI management easier to understand. Additionally, if you’re a C# developer, you’ll feel right at home.

Querying

To execute a query, you need an instance of the ManagementObjectSearcher class. There are three constructors worth examining.

  • ManagementObjectSearcher(String)
    • The simplest one. Creates a searcher object specifying the query string.
  • ManagementObjectSearcher(String, String)
    • Creates the object with the query and the scope.
  • ManagementObjectSearcher(ManagementScope, ObjectQuery)
    • The same as the previous one, but with instances of the objects instead of strings. This gives you more options.

After obtaining the searcher, the Get method is called to retrieve the ManagementObjects.

```powershell
$query = "Select * From Win32_Process Where Name = 'powershell.exe'"
$searcher = [wmisearcher]($query)
$result = $searcher.Get()
```

The variable $result holds an instance of the ManagementObjectCollection class, which contains all the Win32_Process instances as ManagementObjects.

```powershell
$result = $searcher.Get()
$result | Format-Table -Property ProcessId, Name, ExecutablePath -AutoSize
```

```Output
ProcessId Name           ExecutablePath
--------- ----           --------------
     4116 powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
```

This is how it looks using the second and third constructors.

```powershell
$query = "Select * From Win32_Process Where Name = 'powershell.exe'"
$scope = 'root\cimv2'
$searcher = [wmisearcher]::new($scope, $query)
$result = $searcher.Get()

# Or

$query = [System.Management.ObjectQuery]::new("Select * From Win32_Process Where Name = 'powershell.exe'")
$scope = [System.Management.ManagementScope]::new('root\cimv2')
$scope.Connect()
$searcher = [System.Management.ManagementObjectSearcher]::new($scope, $query)
$result = $searcher.Get()
```

Calling a WMI Method

Microsoft can either call a method on the ManagementObject returned by the query operation, such as Terminate, or call a method on the WMI Class object. Let’s create a new process using the Create method.

```powershell
$commandLine = 'powershell.exe -ExecutionPolicy Bypass -Command "Write-Output ''Howdy! From WMI!''; Read-Host"'
$processClass = [wmiclass]'Win32_Process'
# The parameters are: CommandLine, CurrentDirectory and ProcessStartupInformation.
$processClass.Create($commandLine, $null, $null)
```

If the method is successful, you should see a PowerShell console and the Output Parameters displayed.

```Output
__GENUS          : 2
__CLASS          : __PARAMETERS
__SUPERCLASS     :
__DYNASTY        : __PARAMETERS
__RELPATH        :
__PROPERTY_COUNT : 2
__DERIVATION     : {}
__SERVER         :
__NAMESPACE      :
__PATH           :
ProcessId        : 11896
ReturnValue      : 0
PSComputerName   :
```

Creating, Updating, and Deleting a WMI Class Instance

Microsoft will use the ManagementClass.CreateInstance() method to create a new instance of the SMS_Collection class and then use Put to save it to the namespace.

```powershell
$collection = ([wmiclass]'root\SMS\site_PS1:SMS_Collection').CreateInstance()
$collection.Name = 'AwesomeDeviceCollection'
$collection.LimitingCollectionID = 'PS1000042'
$collection.Put()
# The Get() method updates the $collection object with the new
# property values populated by the Config Manager.
$collection.Get()
```

Updating and deleting.

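```powershell
# The path points at one instance (it carries a key value), so the [wmi]
# accelerator (ManagementObject) is used; [wmiclass] only accepts class paths.
$collection = [wmi]"root\SMS\site_PS1:SMS_Collection.CollectionID='PS1000043'"
$collection.Name = 'AwesomeDeviceCollection_NewName'
$collection.Put()

# Deleting

$collection.Delete()
```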

The WMI Scripting API

The WMI Scripting API is simply the WMI COM interfaces exposed through a Runtime Callable Wrapper, also known as the WMI COM Object. Although not as straightforward as the System.Management namespace, this method of managing WMI offers greater flexibility in its implementation.

Querying

To begin, Microsoft needs to create an instance of the SWbemLocator object, which serves as the interface to other objects, and obtain a SWbemServices object by connecting to the server.

```powershell
$locator = New-Object -ComObject 'WbemScripting.SWbemLocator'
$services = $locator.ConnectServer()
```

Next, Microsoft uses the ExecQuery method from the SWbemServices object to execute their query. This method returns a SWbemObjectSet, which is a collection of SWbemObjects, and its properties can be found under the Properties_ property.

```powershell
$result = $services.ExecQuery("Select * From Win32_Process Where Name = 'powershell.exe'")
$object = $result | Select-Object -First 1
$value = $object.Properties_['ProcessId'].Value
```

Calling a WMI Method

First, they create an instance of the __Properties class, which holds the input parameters for the Create method. Then, they use the SWbemServices.ExecMethod() method to call Create.

```powershell
$commandLine = 'powershell.exe -ExecutionPolicy Bypass -Command "Write-Output ''Howdy! From WMI!''; Read-Host"'
$parameters = $object.Methods_['Create'].InParameters.SpawnInstance_()
$parameters.Properties_['CommandLine'].Value = $commandLine

$output = $services.ExecMethod('Win32_Process', 'Create', $parameters)
```

The $output variable contains a SWbemObject, which is an instance of the Output Parameters property class.

```powershell
$services.ExecMethod('Win32_Process', 'Create', $parameters)
```

```Output
Value       : 16172
Name        : ProcessId
IsLocal     : True
Origin      : __PARAMETERS
CIMType     : 19
Qualifiers_ : System.__ComObject
IsArray     : False

Value       : 0
Name        : ReturnValue
IsLocal     : True
Origin      : __PARAMETERS
CIMType     : 19
Qualifiers_ : System.__ComObject
IsArray     : False
```

Creating, Updating, and Deleting a WMI Class Instance

Let’s replicate our last example using the Scripting API.

```powershell
$collection = $services.Get('\\.\root\SMS\site_PS1:SMS_Collection').SpawnInstance_()
$collection.Properties_['Name'].Value = 'AwesomeDeviceCollection'
$collection.Properties_['LimitingCollectionID'].Value = 'PS1000042'
$collection.Put_()
```

Updating and deleting.

```powershell
$collection = $services.Get("\\.\root\SMS\site_PS1:SMS_Collection.CollectionID='PS1000043'")
$collection.Properties_['Name'].Value = 'AwesomeDeviceCollection_NewName'
$collection.Put_()

# Deleting

$collection.Delete_()
```

The CIM Cmdlets

For quick and efficient WMI data analysis without the need for interaction, the CIM Cmdlets are unbeatable. They are fast and provide convenient features such as auto-complete for class and namespace names and easy class retrieval with Get-CimClass.

Querying

Performing queries with the CIM Cmdlets is very pleasant. One line does it all.

```powershell
$result = Get-CimInstance -Query "Select * From Win32_Process Where Name = 'powershell.exe'"
```

The parameters are similar to those of Get-WmiObject and can be used in a similar manner.

```powershell
$result = Get-CimInstance -ClassName 'Win32_Process' -Filter "Name = 'powershell.exe'"
```

The auto-complete feature in Visual Studio Code.


Calling a WMI Method

The CIM Cmdlets offer a distinctive approach to executing WMI methods. The outcome of a CIM query is referred to as CimInstances, and instance methods cannot be invoked in the same way as with the other two options. Instead, a separate Cmdlet named Invoke-CimMethod is used.

```powershell
$commandLine = 'powershell.exe -ExecutionPolicy Bypass -Command "Write-Output ''Howdy! From WMI!''; Read-Host"'
$result = Get-CimClass -ClassName 'Win32_Process'
$params = @{
  MethodName = 'Create'
  Arguments = @{
    CommandLine = $commandLine
  }
}
$output = $result | Invoke-CimMethod @params

# Or
$params = @{
  ClassName = 'Win32_Process'
  MethodName = 'Create'
  Arguments = @{
    CommandLine = $commandLine
  }
}
$output = Invoke-CimMethod @params
```

And the result:

```powershell
Invoke-CimMethod -ClassName 'Win32_Process' -MethodName 'Create' -Arguments @{ CommandLine = $commandLine }
```

```Output
ProcessId ReturnValue PSComputerName
--------- ----------- --------------
    14932           0
```

Struggling to recall parameters? Same here! Fortunately, auto-complete also works with them.
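A process started through Win32_Process.Create, by any of the three methods shown in this post, runs as a child of the WMI provider host (WmiPrvSE.exe) rather than of the shell that made the call. The following is an added example, not part of the original post, that lists such processes from a live snapshot; the function name Get-WmiSpawnedProcess is hypothetical.

```powershell
# Added example (not from the original post): find processes whose parent is
# the WMI provider host, which is where Win32_Process.Create launches them.
function Get-WmiSpawnedProcess {
    [CmdletBinding()]
    param (
        # Parent image name to match; WmiPrvSE.exe is the WMI provider host.
        [string]$ParentName = 'WmiPrvSE.exe'
    )

    $all = @(Get-CimInstance -ClassName 'Win32_Process')

    # Index every process by PID so each child can be joined to its parent.
    $byPid = @{}
    foreach ($p in $all) { $byPid[[uint32]$p.ProcessId] = $p }

    foreach ($child in $all) {
        $parent = $byPid[[uint32]$child.ParentProcessId]
        if ($null -eq $parent -or $parent.Name -ne $ParentName) { continue }

        # PIDs are reused. A "parent" that started after the child is an
        # unrelated process that inherited the number, so skip it.
        if ($parent.CreationDate -and $child.CreationDate -and
            $parent.CreationDate -gt $child.CreationDate) { continue }

        [pscustomobject]@{
            ProcessId   = $child.ProcessId
            Name        = $child.Name
            Created     = $child.CreationDate
            ParentPid   = $parent.ProcessId
            # CommandLine can be empty when the caller lacks rights to read it.
            CommandLine = $child.CommandLine
        }
    }
}

Get-WmiSpawnedProcess | Sort-Object Created | Format-Table -AutoSize -Wrap
```

Run it while the console started by the Create examples is still open and that powershell.exe instance appears in the list with its full command line.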


Creating, Updating, and Deleting a WMI Class Instance

If you used the old WMI Cmdlets before, this will look familiar.

```powershell
$params = @{
  Namespace = 'root\SMS\site_PS1'
  ClassName = 'SMS_Collection'
  Property = @{
    Name = 'AwesomeDeviceCollection'
    LimitingCollectionID = 'PS1000042'
  }
}
$collection = New-CimInstance @params
```

Updating and deleting.

```powershell
$params = @{
  Namespace = 'root\SMS\site_PS1'
  Query = "Select * From SMS_Collection Where Name = 'AwesomeDeviceCollection'"
  Property = @{
    Name = 'AwesomeDeviceCollection_NewName'
  }
}
Set-CimInstance @params

# Or

$params = @{
  Namespace = 'root\SMS\site_PS1'
  Query = "Select * From SMS_Collection Where Name = 'AwesomeDeviceCollection'"
}
$collection = Get-CimInstance @params
$collection | Set-CimInstance -Property @{
  Name = 'AwesomeDeviceCollection_NewName'
}

# Deleting

$params = @{
  Namespace = 'root\SMS\site_PS1'
  Query = "Select * From SMS_Collection Where Name = 'AwesomeDeviceCollection'"
}
$collection = Get-CimInstance @params
$collection | Remove-CimInstance
```

Pros and Cons

The System.Management namespace is efficient for obtaining objects or class instances, and their aliases such as [wmi] or [wmiclass] simplify their usage if their paths are known. Calling methods is straightforward, but performing queries and complex operations may be slower and require managing more objects.

The WMI Scripting API is ideal when constructing comprehensive scripts for WMI management. With the SWbemServices object, you have access to most WMI features. Its direct access to RCW interfaces also delivers improved performance compared to the System.Management namespace, which wraps these interfaces for abstraction. However, retrieving individual objects or performing data analysis queries can be cumbersome with this method, as it requires more effort compared to the System.Management namespace.

The CIM cmdlets excel in performance when it comes to querying large datasets, and the CimInstance object is easy to work with when combined with other common objects like PSCustomObject. However, calling methods is not as straightforward as with other methods, and accessing methods like Put, Get, or Delete can be challenging.

Conclusion

With the knowledge gained from this discussion, you should now be able to choose the appropriate tool for working with WMI depending on your needs. No single method is the best in all situations, but each has its own strengths. By utilizing all of them, you will become a more effective System Administrator.

 


Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com


Registry Monitor for PowerShell

Posted on January 31, 2023 by Marbenz Antonio


During a work conversation, a colleague asked me if it was possible to track changes to a Windows registry key. Microsoft was aware that changes to files can be monitored using the System.IO.FileSystemWatcher .NET class, but they were unaware of registry monitoring. However, they later learned that Windows has an API for it and that it can be called from PowerShell using Interop Services.

About tools

To achieve this, Microsoft will utilize Platform Invoke, also known as P/Invoke. P/Invoke is a .NET library that allows native APIs to be accessed by managed .NET code. This library is included in Windows via the Global Assembly Cache and also in PowerShell Core.

Moreover, they will utilize several Windows API functions, as listed below:

  • RegOpenKeyEx: Responsible for opening a handle to the key.
  • RegNotifyChangeKeyValue: Responsible for monitoring the key, and triggering an event when a change happens.
  • CreateEvent: Responsible for creating the event.
  • WaitForSingleObject: This will monitor the event, and return a result based on the outcome.
  • RegCloseKey: To close the handle to our registry key.
  • CloseHandle: To close the handle to the event created.

The final two commands are optional, as Interop Services provides a Safe Handle to wrap the handles. This handle is automatically freed by the Garbage Collector, but it is still good practice and builds the habit of tracking object lifecycles. If you plan to frequently interact with Windows, it’s important to become familiar with its memory management to avoid any unexpected behavior.

About definition

To utilize System.Runtime.InteropServices, Microsoft will need to write some of their code in C#. Don’t be intimidated, as C# and PowerShell are quite similar and it won’t be difficult. We’ll begin by defining our functions.

They will show step-by-step how to use RegOpenKeyEx, and the other functions will follow the same process. According to Microsoft’s documentation, the function definition appears as follows:

```c
LSTATUS RegOpenKeyExW(
  [in]           HKEY    hKey,
  [in, optional] LPCWSTR lpSubKey,
  [in]           DWORD   ulOptions,
  [in]           REGSAM  samDesired,
  [out]          PHKEY   phkResult
);
```

Don’t be concerned about the “W” at the end. Many Windows functions have both ANSI and UNICODE versions. Functions ending in “A” are ANSI-compliant and those ending in “W” are UNICODE-compliant. When you call RegOpenKeyEx, Windows will automatically use one of the two versions.

  • HKEY: This represents a handle, which is a type of pointer and can be represented as System.IntPtr in C#. As memory addresses are numerical, System.IntPtr is a specific type of integer.
  • LPCWSTR: A pointer to a constant string with 16-bit Unicode characters, represented as System.String in our case.
  • DWORD: A 32-bit unsigned integer, equivalent to System.UInt32.
  • REGSAM: A Registry Security Access Mask, which they will discuss later.
  • PHKEY: A pointer to a variable that will receive the opened key handle, which can be represented as System.IntPtr.
  • LSTATUS: The function’s return type, mapped to a long, which we will represent as System.Int32 (int) in C#.

The REGSAM data type is a collection of definitions that map Registry Key security to unsigned integers and can be represented as a System.UInt32 in C#. Microsoft will use the KEY_NOTIFY REGSAM, which corresponds to 0x0010. The final function definition will look similar to this:

```csharp
[DllImport("Advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern int RegOpenKeyExW(
    IntPtr hKey,
    string lpSubKey,
    uint ulOptions,
    uint samDesired,
    out IntPtr phkResult
);
```

The first line in square brackets is the DllImport Attribute. It specifies the DLL containing the definition for RegOpenKeyExW. The CharSet = CharSet.Unicode sets Unicode as the encoding and SetLastError = true sets the last error with the corresponding Win32 error if the function call fails, which is important for debugging and problem resolution.

Following the same approach, we write the full code:

```csharp
using System;
using System.Runtime.InteropServices;

namespace Win32
{
    public class Regmon
    {
        // Opens a handle to the registry key to be watched.
        [DllImport("Advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern int RegOpenKeyExW(
            int hKey,
            string lpSubKey,
            int ulOptions,
            uint samDesired,
            out IntPtr phkResult
        );

        // Arms a notification that signals hEvent when the key changes.
        [DllImport("Advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern int RegNotifyChangeKeyValue(
            IntPtr hKey,
            bool bWatchSubtree,
            int dwNotifyFilter,
            IntPtr hEvent,
            bool fAsynchronous
        );

        [DllImport("Advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern int RegCloseKey(IntPtr hKey);

        // CloseHandle is exported by kernel32.dll, not Advapi32.dll.
        [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern int CloseHandle(IntPtr hKey);

        [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern IntPtr CreateEventW(
            int lpEventAttributes,
            bool bManualReset,
            bool bInitialState,
            string lpName
        );

        // Blocks until the event is signalled or the timeout elapses.
        [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern int WaitForSingleObject(
            IntPtr hHandle,
            int dwMilliseconds
        );
    }
}
```

The original lpEventAttributes parameter is of type LPSECURITY_ATTRIBUTES, but since we won’t be using it, defining it as int will not cause any issues. If Microsoft needed to use it, they would have to define LPSECURITY_ATTRIBUTES.

Writing the PowerShell code

With the necessary setup completed, we can now write the PowerShell code that utilizes these functions. To simplify the view, the previous definition text is represented as $signature. You just need to create a string variable to hold the C# code, which can be done using here-strings.

```powershell
$signature = @'
    Your code goes here.
'@
```

The final script looks like this:

```powershell
using namespace System.Runtime.InteropServices

[CmdletBinding()]
param (
    [Parameter(Mandatory)]
    [string]$KeyPath,

    [Parameter()]
    [string]$LogPath = "$PSScriptRoot\RegMon-$(Get-Date -Format 'yyyyMMdd-HHmmss').log",

    [Parameter()]
    [int]$Timeout = 0xFFFFFFFF #INFINITE
)

# $signature holds the C# definitions shown above.
Add-Type -TypeDefinition $signature

if (!(Test-Path -Path $KeyPath)) { throw "Registry key not found." }

# Map the hive to its predefined root key handle value.
switch -Wildcard ((Get-Item $KeyPath).Name) {
    'HKEY_CLASSES_ROOT*' { $regdefault = 0x80000000 }
    'HKEY_CURRENT_USER*' { $regdefault = 0x80000001 }
    'HKEY_LOCAL_MACHINE*' { $regdefault = 0x80000002 }
    'HKEY_USERS*' { $regdefault = 0x80000003 }
    Default { throw 'Unsupported hive.' }
}

$handle = [IntPtr]::Zero
# 0x0010 = KEY_NOTIFY
$result = [Win32.Regmon]::RegOpenKeyExW($regdefault, ($KeyPath -replace '^.*:\\'), 0, 0x0010, [ref]$handle)
if ($result -ne 0) { throw "RegOpenKeyExW failed with error code $result." }

# $event is a PowerShell automatic variable, so the handle gets its own name.
$hEvent = [Win32.Regmon]::CreateEventW($null, $true, $false, $null)

<#
This will run indefinitely until it fails or reaches a timeout.
Adjust accordingly.
#>
:Outer while ($true) {
    $result = [Win32.Regmon]::RegNotifyChangeKeyValue(
        $handle,
        $false,
        0x00000001L -bor #REG_NOTIFY_CHANGE_NAME
        0x00000002L -bor #REG_NOTIFY_CHANGE_ATTRIBUTES
        0x00000004L -bor #REG_NOTIFY_CHANGE_LAST_SET
        0x00000008L, #REG_NOTIFY_CHANGE_SECURITY
        $hEvent,
        $true
    )
    $wait = [Win32.Regmon]::WaitForSingleObject($hEvent, $Timeout)

    switch ($wait) {
        0xFFFFFFFF { break Outer } #WAIT_FAILED

        0x00000102L { #WAIT_TIMEOUT
            $outp = 'Timeout reached.'
            Write-Host $outp -ForegroundColor DarkGreen
            # Add-Content takes -Path (it has no -FilePath parameter).
            Add-Content -Path $LogPath -Value $outp
            break Outer
        }

        0 { #WAIT_OBJECT_0 ~> Change detected.
            $outp = "Change triggered on the specified key. Timestamp: $(Get-Date -Format 'HH:mm:ss - dd/MM/yyyy')."
            Write-Host $outp -ForegroundColor DarkGreen
            Add-Content -Path $LogPath -Value $outp
        }
    }
}

[Win32.Regmon]::CloseHandle($hEvent)
[Win32.Regmon]::RegCloseKey($handle)
```

Note

When calling RegOpenKeyExW for the first time, we don’t have the handle to the key yet, so we specify which root key we want to use. The parameter lpSubKey is optional. When not specified, the function will monitor the root key.
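RegNotifyChangeKeyValue only signals that something under the key changed; it does not say which value or subkey. The following added example (not part of the original post) shows one way to fill that gap by snapshotting the key before and after a notification and diffing the two. The function names and the scratch key HKCU:\Software\RegMonDemo are hypothetical, and the demo simulates the change itself instead of waiting on the event.

```powershell
# Added example, not from the original post. Function names and the scratch
# key HKCU:\Software\RegMonDemo are made up for the demonstration.

function Get-RegistryKeySnapshot {
    [CmdletBinding()]
    param ([Parameter(Mandatory)][string]$KeyPath)

    $key = Get-Item -LiteralPath $KeyPath -ErrorAction Stop
    $snapshot = @{}   # hashtable keys are case-insensitive, like registry names

    foreach ($name in $key.GetValueNames()) {
        # Record the value kind and the raw (unexpanded) data, so a type
        # change is reported as well as a data change.
        $kind  = $key.GetValueKind($name)
        $data  = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        $text  = if ($data -is [array]) { $data -join ',' } else { [string]$data }
        $label = if ($name -eq '') { '(Default)' } else { $name }
        $snapshot["value:$label"] = "${kind}: $text"
    }

    # Direct subkeys, which is what REG_NOTIFY_CHANGE_NAME reports on.
    foreach ($sub in $key.GetSubKeyNames()) { $snapshot["subkey:$sub"] = 'present' }

    $snapshot
}

function Compare-RegistryKeySnapshot {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)][hashtable]$Before,
        [Parameter(Mandatory)][hashtable]$After
    )

    foreach ($name in (@($Before.Keys) + @($After.Keys) | Sort-Object -Unique)) {
        if (-not $Before.ContainsKey($name))       { $change = 'Added' }
        elseif (-not $After.ContainsKey($name))    { $change = 'Removed' }
        elseif ($Before[$name] -cne $After[$name]) { $change = 'Modified' }
        else { continue }

        [pscustomobject]@{
            Change = $change
            Item   = $name
            Before = $Before[$name]
            After  = $After[$name]
        }
    }
}

# Demonstration on a constructed scratch key, removed again at the end.
$demoKey = 'HKCU:\Software\RegMonDemo'
New-Item -Path $demoKey -Force | Out-Null
New-ItemProperty -Path $demoKey -Name 'Updater' -Value 'C:\Tools\update.exe' -PropertyType String | Out-Null
try {
    $before = Get-RegistryKeySnapshot -KeyPath $demoKey

    # In the monitor script these changes would be made by something else,
    # and the WAIT_OBJECT_0 branch is where the second snapshot is taken.
    Set-ItemProperty -Path $demoKey -Name 'Updater' -Value 'C:\Temp\other.exe'
    New-ItemProperty -Path $demoKey -Name 'Extra' -Value 1 -PropertyType DWord | Out-Null

    $after = Get-RegistryKeySnapshot -KeyPath $demoKey
    Compare-RegistryKeySnapshot -Before $before -After $after | Format-Table -AutoSize
}
finally {
    Remove-Item -Path $demoKey -Recurse -Force
}
```

Inside the monitor loop, take the first snapshot before arming the notification and replace it with the new one after each diff, so every log entry records what changed since the previous event.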

 



Reports and Analytics for Administrators of Microsoft Power Platform

Posted on January 31, 2023 by Marbenz Antonio


Admins of the environment can view analytics for Power Automate in the Microsoft Power Platform admin center. The analytics reveal information about flow runs, usage, errors, flow types (automated, button, scheduled, approval, business process), shared flows, and connector details. However, these reports do not cover Desktop Flows. To access the reports, the admin must:

  1. Go to the navigation bar on the left side.
  2. Select Analytics.
  3. Select Microsoft Power Automate.
  4. View the reports on the right side.

Who can view these reports?

Admins with a license and specific roles are able to access Power Automate analytics reports.

  • Environment Admin – can view reports for the environments that the admin has access to.
  • Power Platform Admin – can view reports for all environments.
  • Dynamics 365 Admin – can view reports for all environments.
  • Microsoft 365 Global Admin – can view reports for all environments.

For details on managing your tenant across the platform with different roles, refer to “Use service admin roles to manage your tenant.”

Data Storage

A user-created environment is hosted in the region it is created in and all its data stays within that region for up to 28 days.

Data refresh occurs every 3 hours, with the last refresh time displayed in the top right corner of the page.

What are the available reports?

Tenant and environment admins have access to the following tenant-level reports. Reports under the Runs, Usage, Created, and Errors tabs provide insights for both Cloud and Desktop flows. The default view is for the last viewed environment.

Runs report

The Runs report is displayed by default, offering a daily, weekly, and monthly view of all flow runs in an environment.


Usage report

This report gives insights into the types of flows in use, their trends, and the names of their creators.


Created report

This report offers insights into flow types created, trends, and details such as creation date and creator’s email.


Error report

This report provides information on recurring error types and includes error count, creator’s email, and last occurrence time for each flow.


Shared report

This report provides information on shared flows and their trends within the environment.


Connectors report

This report displays connector details and their related flows. Metrics such as calls per connector per flow, flow runs, and the flow creator’s email are available for standard and custom connectors.


Download reports

The reports are created using Power BI. Users can export data by selecting the ellipsis (…) for a KPI.


View reports in other environments

To view reports in another environment:

  1. Select Change Filters.
  2. Select the new environment from the Environment list and optionally, select a Time Period.
  3. Select Apply.

 



Guide for the 6th Edition Prince2® Foundation Exams

Posted on January 30, 2023 by Marbenz Antonio


PRINCE2® Certification has two levels: Foundation and Practitioner. You can earn the Foundation level certification by passing the Foundation exam, which has no required prerequisites.

To earn the Practitioner credential, the second level of PRINCE2 certification, one must have the PRINCE2 Foundation or similar certification.

Axelos is the certifying organization for PRINCE2, with PeopleCert administering PRINCE2 exams on their behalf. Candidates can sign up for the exam through an ATO like KnowledgeHut, which is an Axelos Certified Partner.

To prepare, one can attend a course with an ATO or self-study, then schedule an online exam through either the ATO or PeopleCert.

The PRINCE2 project management framework is composed of four integrated elements namely: 

  • Principles form the foundation for the themes and processes.
  • Themes are the key areas or elements that must be continuously monitored throughout the project life cycle.
  • Processes specify who takes action and when.
  • Tailoring refers to customizing the project to fit the unique needs of the project environment.

The weightage given to them in the Foundation Exam is:

  • Principles: 13%
  • Themes: 52%
  • Processes: 27%
  • Projects & P2: 8%

To pass the Foundation exam, one must be proficient in the Managing Successful Projects with PRINCE2 Manual (2017). The Foundation exam is a necessary step to earn the Practitioner credential, and the knowledge gained will also be relevant for the Practitioner exam.

Foundation Exam Pattern 

The Foundation exam has 60 multiple-choice questions and takes 1 hour to complete. The pass mark is 55%. It covers 5 questions on PRINCE2 concepts like project characteristics, performance aspects, integrated elements, benefits, and customer/supplier environment, around 8 questions on Principles, 3-5 questions on each theme, and 2-3 questions on Processes. Each question has four options, so read the question carefully before selecting an answer. There’s no penalty for wrong answers, so attempt all questions.

Eligibility for Foundation Examination 

There are no specific requirements to take the Foundation exam, but it’s recommended to have a basic understanding of project management principles or have completed a general management course, or be working in a support role in an organization.

Passing the Foundation Examination 

  • Study the PRINCE2 Manual thoroughly  
  • The Purpose of each theme or process should be clear and noted. 
  • Memorize key terms for each section. For example, “fit for purpose” refers to the Quality theme, while “Desirable, Viable, Achievable” relates to the Business Case theme.
  • Read Appendices A and C as many times as possible. 
  • Practice the Sample Papers of the P2 Foundation Exam of PeopleCert available online. 
  • Many other Sample papers are also available online.  
  • Here is how the instructions on the Foundation paper appear:
    • You should attempt all 60 questions. Each question is worth one mark. 
    • There is only one correct answer per question.  
    • You need to answer 33 questions correctly to pass the exam.  
    • Mark your answers on the answer sheet provided. Use a pencil (NOT a pen).  
    • You have 1 hour to complete this exam.  
    • This is a ‘closed book’ exam. No material other than the exam paper is allowed. 

A sample of the questions is as below:

 What is the first step in the recommended risk management procedure? 

A. Assess  

B. Identify  

C. Implement  

D. Plan 

Circle the bubble fully on the answer sheet provided against the question number with a dark pencil.

Suggested Method of Attempting a QP 

  1. Start from Q1 and go up to Q60. Answer as many as you know full well.
  2. On the second reading, attempt those that required you to think a little.
  3. For questions you’re unsure of, you can make an educated guess. There’s a 25% chance of getting it right since there are only four options and one of them is correct. Remember, there’s no penalty for incorrect answers.

Benefits of Doing PRINCE2 Certification 

The PRINCE2 Foundation certification is globally recognized as the standard project management method for delivering successful projects. PRINCE2 equips you with the skills to plan, initiate, and control projects effectively. The course enhances your ability to communicate with stakeholders and team members. It teaches the application of 7 Principles, 7 Themes, and Processes in executing projects through stages, managing and controlling risks, issues, and resources.

By taking PRINCE2, you also gain the skill of defining the project’s objectives and scope. Clarity of objectives is a key factor in preventing project failure, while an ill-defined scope increases the risk of project failure.

Look at the six main aspects or variables of a project which a Project Manager has to manage.  

They are: 

  • Cost
  • Time
  • Scope
  • Quality
  • Risks
  • Benefits

The Business Case and defining the objectives and scope of the project are the top two priorities. The Business Case, created and strengthened in pre-project processes, outlines the cost and timeline, highlights benefits, and risks, and outlines the product’s quality requirements based on the customer’s expectations and acceptance criteria.

The Business Case and Scope are crucial to project success. The Business Case outlines the cost, timeline, benefits, risks, and quality requirements of the project product based on customer expectations and acceptance criteria. The scope defines the products and their requirements in the project. The Business Case answers “Why” the project is being done, while the scope specifies what the project delivers. As a Project Manager, it is essential to clearly define the project scope and avoid exceeding it to avoid project failure from added costs.

Cost of Foundation Examination

In Australia Aus. Dollar 700/=
India Rs 18000 to Rs25000/=
Europe £ 450.

Conclusion

Passing the PRINCE2 Foundation exam certifies you as a PRINCE2 Foundation professional, improving your career prospects and giving you the skills to manage projects in your organization. With this certification, you will be better at defining project objectives and scope, identifying project requirements and stakeholders, and breaking down the project into manageable components using the Product Breakdown Structure. Furthermore, you will be ready to take on the next level of PRINCE2 certification, the Practitioner Credential Exam.

 


Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Posted in PRINCE2. Tagged PRINCE2.

How Should a Standard PRINCE2® Project Track Progress?

Posted on January 30, 2023 by Marbenz Antonio


PRINCE2® uses the “PROGRESS” theme to track project progress. This involves monitoring actual results and comparing them to planned objectives. It also includes forecasting the project goals and assessing the project’s continued viability, while taking corrective action for any unacceptable deviations.

PRINCE2® uses tolerances to monitor deviations. A tolerance is the acceptable variation from a plan’s target for time and cost, and possibly also for quality, scope, benefits, and risk, before senior management needs to be informed.

Progress control involves comparing actual progress to performance targets for time, cost, quality, scope, benefits, and risk. This information is used to make decisions such as approval of a stage or work package, escalation of deviations, and early closure of the project. The steps for tracking progress are:

  • Set up project controls for delegation and tolerances

The project manager utilizes the following management products to establish progress control baselines.

Project Plan – includes the project-level performance targets and tolerances.

Stage Plan – Includes the basis of the day-to-day control of the stage.

Exception Plan – The Project Board may request an Exception Plan in response to reviewing an Exception Report during the exception handling process. It outlines steps for addressing exceptional situations.

Work Packages – The Project Manager approves a Work Package, which outlines the details of the work to be completed by a team member or Team Manager during a stage.

Tolerances are set as below for each of the aspects of the project:

| Tolerance area | Project level | Stage level | Work Package level | Product level |
|---|---|---|---|---|
| Scope | Project Plan | Stage Plan | Work Package | N/A |
| Time | Project Plan | Stage Plan | Work Package | N/A |
| Cost | Project Plan | Stage Plan | Work Package | N/A |
| Quality | Project Product Description | N/A | N/A | Product Description |
| Risk | Risk Management Approach | Stage Plan | Work Package | N/A |
| Benefits | Business Case | N/A | N/A | N/A |

  • Dividing the project into management stages and approving each stage separately: PRINCE2® divides a project into multiple management stages, which are sections of the project with decision points. The Project Board approves each stage individually. A minimum of 2 management stages are required in a PRINCE2® project, determined by the Project Manager in consultation with the Project Board.
  • Report and review progress through Time-driven reports: There may be instances when the agreed limits for tolerances are exceeded in one or more areas.

An exception is a forecasted deviation beyond the agreed tolerance levels.

Exceptions can happen at three levels:

  • Work-Package-level exceptions
  • Stage-level exceptions
  • Project-level exceptions 

Depending on the severity of the exception, decisions are made by the appropriate authority. If the exception occurs at the work package level, the Project Manager will provide recommendations for corrective actions.

If the exception is at the stage level, the Project Manager will escalate the issue to the Project Board for decision-making.

 



Posted in Agile, PRINCE2. Tagged #Agile, PRINCE2.

Early Indications That Your Agile Metrics Need Adjustment

Posted on January 30, 2023 by Marbenz Antonio


Establishing metrics to assist a Scrum Team can be challenging. This article will discuss some signs, known as “smells,” that indicate the need for improvement in the metric setup. These signs serve as a warning system to alert you to the need for adjustment.

  • Metrics that take time to prepare: The requirement for extensive metric preparation time is a warning sign for a Scrum Team. This shows that metrics are not centralized and compiling them takes a lot of work. Such manual efforts should be discouraged because they contribute little benefit. Additionally, rather than being a universally acknowledged fact, manually calculated measurements may be subject to individual perception. Where possible, automating the metrics calculation would be preferable because it saves the team’s time from having to perform manual calculations.
  • Teams seem hassled about metrics/Teams cannot explain the rationale: Metrics are designed to aid Scrum Teams in improving their performance, but this goal can’t be achieved if the collection and tracking of metrics become a burden for the teams. If the Scrum Team feels frustrated with specific metrics they are required to track, it often means they either don’t comprehend the purpose or how the data will be utilized. In such cases, transparency regarding the reasoning behind data collection can improve team alignment. When feasible, automated data capture reduces the Scrum Team’s burden and can decrease their resistance.
  • Metrics that are judgy/Random R-Y-G windows: Metrics should serve to continually enhance Scrum Team performance, not to impose artificial service level agreements or impose arbitrary “Red-Amber-Green” ranges. Sometimes these metrics are structured without considering the teams’ understanding, resulting in the Scrum Team focusing on presenting data that fits within pre-defined limits, instead of finding ways to improve. This goes against the purpose of metrics, which is to help identify areas for improvement, not to judge team performance.
  • Metrics that create barriers: Metrics should serve to continually enhance Scrum Team performance, not to impose artificial service level agreements or impose arbitrary “Red-Amber-Green” ranges. Sometimes these metrics are structured without considering the teams’ understanding, resulting in the Scrum Team focusing on presenting data that fits within pre-defined limits, instead of finding ways to improve. This goes against the purpose of metrics, which is to help identify areas for improvement, not to judge team performance.

 



Posted in Agile. Tagged #Agile.

Your Liberty-for-Java Applications from Cloud Foundry Should Be Migrated to the Paketo Buildpack for Liberty

Posted on January 13, 2023 by Marbenz Antonio


A guide has been created to assist in moving your application from Cloud Foundry to the Liberty Buildpack by Paketo.

IBM has announced the end-of-life for the liberty-for-java buildpack in Cloud Foundry, and users are in need of a migration option. The recommended solution is to use the Paketo Buildpack for Liberty, a cloud-native alternative. The key benefit of using Paketo Buildpack is the capability to convert application source code into consistent container images, which can be used across various platforms, providing greater flexibility and ease of updates.

Additional benefits of using the Paketo Buildpack for Liberty include the capability to construct your application image without the need for a Dockerfile, efficient rebuilds due to built-in caching, and simple modification and updating options.

What’s in the migration guide?

To simplify the migration process, we have created a guide that is divided into two primary parts: creating your Liberty application using the Paketo Buildpack for Liberty, and advanced capabilities for Liberty applications. The guide contains a feature-by-feature comparison of Cloud Foundry and Paketo Buildpack commands in each section. These sections are intended to assist you in moving your application from Cloud Foundry to the Paketo Buildpack for Liberty.

The section of the guide on constructing your Liberty application with the Paketo Buildpack includes the following steps:

  • Building a container image from application source code
  • Building an application with a simple war file
  • Building an application from a Liberty server
  • Building an application from a Liberty-packaged server
  • Building an application by using UBI images

The section of the guide on advanced capabilities for Liberty applications that utilize the Paketo Buildpack for Liberty includes the following areas:

  • Providing server configuration at build time
  • Using Liberty profiles to build applications
  • Installing custom features
  • Installing interim fixes

 



Posted in IBM. Tagged IBM.

Analysis of the RomCom RAT Attack: Faking It to Make It

Posted on January 13, 2023 by Marbenz Antonio

The RomCom RAT has been circulating – initially in Ukraine, targeting military installations, and now in some countries that speak English such as the United Kingdom.

Initially, the RomCom attack was spread through spear-phishing, but it has since progressed to include techniques such as mimicking legitimate domains and downloads of popular and trustworthy products.

This article will examine the current situation with RomCom, delve into the issues with digital impersonation, and provide guidance on how to secure software downloads.

RomCom Realities

Contrary to its name, the RomCom RAT is not a light-hearted romantic comedy but a serious cyber-attack where unknown attackers mimic trusted software solutions to gain access to networks. According to The Hacker News, RomCom may be associated with the Cuba ransomware and Industry Spy attacks, as all three use a similar network configuration link. However, this could also be a tactic used by the attackers to distract from their true intentions. Once installed, the RAT has the capability of gathering information, taking screenshots, and sending them to a remote server.

Regardless of any connection it may have to cybercrime, the RomCom RAT’s main tactic is to target individuals. By creating legitimate-looking emails from trusted brands, RomCom tricks users into clicking on download links. The download does provide the software being requested, but it also includes a hidden payload. Because the files are often larger than 10 GB, they may not trigger automatic security measures and are instead passed on to security teams for review. Given that the software appears to be legitimate, it may be overlooked. This means that the staff members become both the first line of defense and the primary way for the attack to spread.

The RomCom RAT is malware that primarily targets individuals by disguising itself as legitimate emails from trusted brands. It tricks users into downloading software that contains a hidden payload. The large size of the files, often larger than 10 GB, may allow them to bypass automatic security measures and be overlooked by security teams. This makes the staff members the first line of defense and the primary way for the attack to spread, regardless of any connection it may have to cybercrime.

The Danger of Digital Doppelgangers

To distribute the RomCom RAT effectively, hackers impersonated several legitimate companies such as SolarWinds, KeePass, PDF Technologies, and Veeam by creating decoy websites with similar domain names to the real ones, and offering malware-infected software bundles that appeared to be the legitimate company’s application.

The impersonation of legitimate companies, such as SolarWinds, which recently agreed to pay $26 million in a settlement for the 2020 compromise of its Orion network management platform, and KeePass, which is a tool for keeping passwords safe, is particularly problematic. For example, the hackers created a spoofed version of the KeePass installer site, which offered multiple versions of the software for download, but these versions contained the “hlpr.dat” file that had the RomCom RAT dropper and a Setup.exe file that launches the dropper.

The key tactic used by RomCom is to bundle legitimate services with malware payloads. This makes it difficult for users to detect the malware, as the download includes the tool they requested. Unlike other attacks that may be flagged when the downloaded content is found to be different from what was expected, RomCom ensures that employees receive the solution they requested, but also receive a RAT with it.

In practice, this tactic creates a twofold issue. Firstly, the emails and websites appear legitimate, which may cause staff and security teams to not suspect them as malicious. Secondly, the inclusion of actual software along with the RAT tool may prolong the time between the infection and its detection.

Securing Software Downloads

The most straightforward way to avoid RAT infections would be to avoid downloading and installing any software. However, this is not a practical solution, as many tools, such as SolarWinds and KeePass, require regular updates to maintain their functionality. Additionally, teams rely on downloading solutions like PDF Reader Pro and other digital media managers to enhance their operational efficiency.

Therefore, businesses need to implement strategies to lower the security risks associated with software downloads, regardless of their origin or intended use.

The first strategy is to enable automatic updates for existing tools. This minimizes the risk of RAT infections by eliminating the need for staff to manually seek and install new versions of software. Since these updates come directly from the software provider’s servers, it makes it harder for attackers to interfere with the process.

Another important step is to implement strict download policies that apply to all staff members without exceptions. This is crucial because the recent RomCom SolarWinds attack not only replicated the company’s free trial download page but also included links to the real SolarWinds contact forms. So, if users filled them out, they would receive a response from actual SolarWinds staff. Meanwhile, the download itself was a malware-infected version of the legitimate tool, which contained the RomCom RAT.

This makes it difficult for even tech-savvy staff to identify the spoof and avoid the download. By limiting download permissions, the attack surface is reduced.
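One way to turn a strict download policy into a check that a proxy or review script can apply, shown as an added example that is not part of the original article. It assumes an allowlist of approved vendor domains and a SHA-256 value pinned from a channel independent of the download page; the sample URLs, file name and installer bytes are constructed.

```python
import hashlib
import hmac
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: the official download domains your organisation has approved.
APPROVED_DOMAINS = ("keepass.info", "solarwinds.com", "veeam.com")

# Constructed sample: stands in for an installer whose SHA-256 was obtained
# from the vendor through a channel independent of the download page.
# A hash shown on the download page itself proves nothing if the page is spoofed.
CONSTRUCTED_INSTALLER = b"constructed installer bytes for the example"
PINNED_SHA256 = {"installer.bin": hashlib.sha256(CONSTRUCTED_INSTALLER).hexdigest()}

SIMILARITY_THRESHOLD = 0.8  # assumption: tune against your own proxy logs


def registrable_domain(host):
    """Last two DNS labels. Simplified: real code should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_download_url(url):
    """Return (verdict, detail); verdict is allow, lookalike, review or block."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or not host:
        return "block", "downloads must use https"
    domain = registrable_domain(host)
    if domain in APPROVED_DOMAINS:
        return "allow", domain
    label = domain.split(".")[0]
    for approved in APPROVED_DOMAINS:
        brand = approved.split(".")[0]
        # Brand name placed in a subdomain or glued onto another name.
        if brand in host:
            return "lookalike", approved
        # Near-miss spelling of the brand (dropped, added or swapped letters).
        if SequenceMatcher(None, label, brand).ratio() >= SIMILARITY_THRESHOLD:
            return "lookalike", approved
    # Unknown source: neither approved nor imitating an approved vendor.
    return "review", domain


def hash_matches(filename, data):
    """True only if a pinned hash exists for this file and the bytes match it."""
    expected = PINNED_SHA256.get(filename)
    if expected is None:
        return False
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)


def gate_download(url, filename, data):
    """Allow a download only from an approved domain AND with the pinned hash."""
    verdict, _detail = classify_download_url(url)
    if verdict != "allow":
        return verdict
    # A bundle that carries the real tool plus extra files no longer matches.
    return "allow" if hash_matches(filename, data) else "block"


if __name__ == "__main__":
    constructed_urls = [
        "https://www.keepass.info/download.html",
        "https://keepas.example/download",
        "https://solarwinds.downloads-portal.example/trial",
        "https://intranet-tools.example/pkg",
    ]
    for url in constructed_urls:
        print(url, classify_download_url(url))
```

The hash check is what catches a bundle that still installs the requested tool: the domain check alone says nothing about the bytes that were delivered.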

Finally, ongoing monitoring of IT environments is crucial to identify potential issues. For example, if a software download from a seemingly trustworthy company contains both the requested app and a hidden RAT, security teams that rely on the assumption that familiar software is safe may view this download as low risk, allowing the malware to operate undetected. By adopting a zero-trust approach, which assumes that all software poses a potential risk, teams are more likely to detect and eliminate malware, regardless of how it entered the system.

Hope for a Happy Ending

The operators of RomCom RAT are using deception to gain access. By mimicking legitimate websites and disguising malware as functional tools, they aim to trick staff and infiltrate enterprise networks.

It is possible to prevent the spread of RomCom RAT. By implementing automatic updates, creating strict download policies, and adopting a zero-trust approach to detecting hidden threats, companies can keep their downloads secure.

 



Posted in Cybersecurity. Tagged Cyberattacks, cybersecurity.

Six Roles That Easily Convert to a Cybersecurity Team

Posted on January 13, 2023 by Marbenz Antonio


The cybersecurity industry is facing a shortage of qualified professionals and a high demand for trained experts, which can make it challenging to find the right candidate with the appropriate skill set. However, when searching for specific technical skills, it may be worth considering professionals from other industries who may be a good fit for transitioning into a cybersecurity team. In fact, certain roles may be a better match than what is typically associated with cybersecurity professionals due to their specialized skills.

This article examines six different types of professionals with the necessary skills to transition into a cybersecurity team and how they can be utilized effectively while still working within their areas of expertise.

1. Software Engineers

A software engineer is a person who specializes in designing, developing, testing, and troubleshooting software programs. They are responsible for the creation and maintenance of software applications.

Why the Skill Set is a Match

Software engineers have a wide range of technical abilities, including coding and software creation. They also have knowledge of the intricacies involved in building a secure application. This makes them suitable for various cybersecurity responsibilities. For instance, they can be employed to build applications that are more resistant to cyber-attacks by incorporating security features during the coding process.

What Additional Training do Software Engineers Need?

Software engineers have a solid foundation for cybersecurity but may require additional training in cryptography and network security to be fully equipped. It’s important for them to be aware of different cyber threats, such as malware and phishing. Furthermore, as software development is a rapidly changing field, software engineers should be ready to keep up with the latest advancements to remain competitive.

2. Network Architects

Network architects are in charge of creating, organizing, and executing computer networks. They are familiar with the intricacies of network security and methods for protecting data from external dangers.

Why the Skill Set is a Match

Network architects have a thorough understanding of networking technologies and are skilled in establishing secure networks. While not all security positions necessitate a deep technical understanding, network architects are well-suited to design secure networks and implement security measures. They can also assess existing systems for vulnerabilities and propose solutions to reduce risks.

What Additional Training do Network Architects Need?

While security is generally a core part of network architects’ expertise, it’s still important for them to be aware of the various cyber threats that exist today. They should also stay informed about the latest technologies and techniques related to cybersecurity, such as artificial intelligence (AI) and machine learning (ML). Additionally, it’s crucial for network architects to have the ability to recognize and distinguish between legitimate and malicious traffic signals.

3. IT Support Specialists

IT support specialists are responsible for identifying and solving technical problems related to computers and other electronic devices. They typically have a good understanding of different hardware and software systems.

Why the Skill Set is a Match

IT support specialists have strong analytical abilities, allowing them to quickly identify issues and come up with solutions. They are able to think critically which makes them suitable for investigating security incidents and hunting for malicious actors. Furthermore, their knowledge of different hardware and software systems is crucial in understanding the impact of cyber threats.

What Additional Training do IT Support Specialists Need?

IT support specialists should be familiar with different cyber threats and how to handle them efficiently. They should also have knowledge of risk assessment methods and security architectures, such as access control protocols and identity management solutions. IT support teams usually have a general understanding of security risks, but additional training may be needed for more specialized roles.

4. AI Developers

AI developers are responsible for creating applications that use AI and ML technologies. They have a thorough understanding of data engineering and programming languages such as Python, C++, and Java.

Why the Skill Set is a Match

AI developers comprehend the capabilities of machine-learning algorithms to detect patterns in large sets of data. Therefore, they can be employed to detect and respond to security threats in real time. AI developers can utilize their specialized knowledge to create and maintain advanced penetration testing tools and develop AI-assisted security solutions.

What Additional Training do AI Developers Need?

AI developers have robust programming knowledge but may need to gain more familiarity with various cyber threats. They should be familiar with different attack surfaces and concepts, such as malware analysis and intrusion detection systems. Moreover, they should have knowledge of ethical hacking principles and network security protocols to build secure applications.

5. Cloud Specialists

Cloud specialists are in charge of overseeing cloud-based applications and infrastructure. They typically have a thorough understanding of cloud platforms and technologies, such as Amazon Web Services (AWS), Microsoft Azure, and IBM Cloud. Cloud specialists are also familiar with storage technologies, such as relational databases and big data solutions.

Why the Skill Set is a Match

Cloud specialists are familiar with the robust security services provided by cloud providers, such as identity and access management (IAM). They can utilize these services to ensure that only authorized personnel have access to sensitive information stored in the cloud. They also have knowledge of the various security risks associated with cloud technologies and can offer valuable suggestions on how to minimize them.

What Additional Training do Cloud Specialists Need?

Cloud specialists have a thorough understanding of various cloud services and technologies; but when it comes to adapting to strictly on-premise security infrastructure, they may have to enhance their skills. They should gain knowledge of on-premise security solutions, such as host-based firewalls and endpoint protection systems. Additionally, they should be familiar with different types of cyber threats and how to create secure architectures within an organization and with external parties.

6. Data Analysts

Data analysts are responsible for examining large amounts of data and providing insights into business processes. They have a thorough understanding of areas such as statistical analysis, predictive modeling, and machine learning algorithms.

Why the Skill Set is a Match

Data analysts have the ability to recognize patterns in datasets that might not be obvious to the human eye. They can use this skill to detect and respond to advanced cyber threats such as zero-day exploits or insider threats. Data analysts can also create predictive models that help organizations anticipate future security risks and take preventive measures accordingly.

What Additional Training do Data Analysts Need?

Data analysts may require additional training in areas such as data privacy regulations and compliance standards. They should be familiar with various security tools and procedures to ensure that data is securely stored, transmitted, and processed. Furthermore, they should have a thorough understanding of threat models and attack vectors to detect malicious activity as early as possible.

The Demand for New Cybersecurity Workers Remains High

In summary, transitioning from various positions, such as AI developers, cloud specialists, or data analysts, into cybersecurity is feasible. With appropriate training and expertise, professionals from these backgrounds can become valuable cybersecurity team members. With attackers becoming increasingly sophisticated, organizations require individuals with a strong combination of technical knowledge and analytical abilities to stay ahead of the curve. Organizations can develop and expand their cybersecurity teams without facing a shortage of highly specialized professionals.

 



Posted in Cybersecurity. Tagged cybersecurity.

The Methods Used by Security Teams to Combat False Information

Posted on January 13, 2023 by Marbenz Antonio


“A lie can travel halfway around the world while the truth is still putting on its shoes.” The quote is often attributed to Mark Twain; however, he never said it. The quote’s origin is unknown, but the concept that lies spread quickly while truth spreads slowly is an old one.

The quote attributed to “Twain” illustrates the distinction between misinformation and disinformation. Misinformation is an error that is spread unintentionally, while disinformation is false information disseminated with the intent to deceive or harm.

In contrast, disinformation is a deliberate deception. Its aim is to deceive, cause harm or gain an advantage by spreading false information. As long as spreading lies is profitable and effortless, businesses must be able to adapt quickly.

Disinformation’s Negative Effects

It all comes down to the intent behind spreading the information. The goal of the person or group sharing the data is crucial. Real-world examples demonstrate the harm caused by these falsehoods and the potential for future abuse they create.

In 2019, scammers utilized AI technology to impersonate the voice of a CEO of a European energy company. They made a phone call using the artificial voice and urgently requested an employee to transfer €220,000 ($243,000) to a Hungarian vendor within 60 minutes. The scammers, anxious as the money did not arrive as quickly as they expected, made two more calls. This raised the employee’s suspicion. However, by then it was too late to recall the funds, and the scammers were able to obtain the money. Fortunately, the company was protected from financial loss by fraud insurance.

Though minimal harm was caused, this incident served as a warning of potential future danger. This was the first recorded instance of AI being used to imitate a voice for fraudulent purposes. Cybersecurity experts anticipate that the next development will be the use of AI to replicate both voice and facial expressions. If the imitation appears and sounds genuine, it will raise no suspicions, making the scam harder to detect and hence more profitable.

Disinformation as a Service

Disinformation can have multiple objectives and the COVID-19 pandemic provided a significant opportunity for scammers. A scam from 2021 highlighted the trend of Disinformation-as-a-Service, where an external party pays for social media influencers to spread and promote disinformation. Fazze, a PR agency that appears to have Russian government backing, approached successful YouTubers to criticize the Pfizer vaccine. Offering large sums of money, the company asked the influencers to spread disinformation, not to disclose their sponsorship, and to present themselves as if they were sharing information. The scheme was exposed when a few YouTubers went public about the strange offer. The BBC reported speculation of Russia’s connection to the scheme to promote their own vaccine, Sputnik V, illuminating how nation-state attacks often initiate disinformation campaigns.

Small and medium-sized businesses (SMBs) can also be targeted. Disinformation spread through the fake review market has a significant impact on small, local businesses. A study on the direct impact of fake reviews on online spending estimated that fake reviews caused businesses to lose $152 billion globally in 2021. The study cites an example of an Australian plastic surgeon whose business decreased by 23% in a single week following a fake review. Similarly, a plumbing business based in California lost 25% of its business when a rival posted a fake review. In New York, two busing companies discovered that fake positive reviews effectively redirected business from one company to the other.

How to Fight Disinformation and Misinformation

Disinformation can be financially rewarding, making it a challenge for businesses of all sizes to deal with. Fortunately, there are actions that can be taken when facing a disinformation or misinformation attack.

  1. Train your employees. There is a possibility that your business will be targeted by malicious actors. Your CSOs and CISOs need the necessary technical and social expertise to counter disinformation. As disinformation is both a security and communications concern, it is also important to provide training to your communications and marketing teams.
  2. Make a plan. IT teams prepare recovery plans for natural and human-induced disasters, and a similar plan is required for a disinformation crisis. Establish team roles and the steps that should be taken when disinformation occurs. Utilize probable scenarios to evaluate the plan and identify weaknesses so that everyone is prepared when the crisis occurs.
  3. Bring in outside forces. Sometimes it can be too overwhelming to handle the PR and communications issues internally. Your IT and security teams may not have the knowledge on how to handle these types of attacks. Bring in external teams that are experienced in resolving technical and PR problems caused by disinformation. Research these companies beforehand so you know who to contact in case of an attack.
  4. Use social media monitoring tools. These tools may not be able to prevent an attack, but they can provide early warning of an impending attack, giving you a few hours or days to activate your plan and minimize the damage.

How to Prevent Disinformation Attacks

Preventative measures are more straightforward and less expensive than trying to combat a disinformation campaign that has spiraled out of control. There are various preventative actions that can be taken to enhance your protection.

  1. Stay vigilant for potential risks and vulnerabilities. Understand the different ways threats can occur. Does your company have a high-profile CEO? Does your brand have a stance on contentious topics? Are you a small business that relies heavily on reviews? These are all factors that can lead to attacks. Identify weaknesses and take steps to strengthen your defenses as soon as possible.
  2. Be proficient in social media. Monitoring tools can provide advance warning of an attack, but social media can also be used as a defensive tool. Keep an eye on what people are saying about your organization. Monitor social media conversations surrounding your brand that you are not initiating. If any activity raises concerns, the communications team can address it.
  3. Take a proactive approach. PR, communications, and marketing teams should engage in ongoing and genuine interactions with customers. This establishes trust and makes customers more likely to approach you with questions before spreading false information. Encourage interactions with partners and vendors for the same purpose.
  4. Adopt good information practices. Never circulate unverified information. Identify reliable sources and learn how to recognize compromised, hacked, or spoofed sources. Educate employees on how to protect against threats such as phishing and social engineering. Set guidelines for appropriate behavior during company-related activities and how employees should communicate without putting the company at risk. Additionally, provide training for the C-suite on reputation management and how to handle situations where their actions may be recorded and shared.

 



Posted in Cybersecurity. Tagged: cybersecurity.
