Which are the three common types of elicitation in cyber security?


there are few things that excite me more than discussing the inner workings of cyber threats. One method that never fails to amaze me is elicitation. This type of attack seeks to extract sensitive information from unsuspecting victims through psychological manipulation and social engineering.

In my years of experience, I have come across three types of elicitation that are commonly used by hackers and cyber criminals. These are the charm, power, and urgency tactics. Understanding how each tactic works is crucial for anyone looking to improve their cyber security posture.

So if you’re ready to learn more about the three common types of elicitation in cyber security, buckle up and keep reading. Trust me, you don’t want to overlook these tactics and fall prey to malicious hackers.

Which are the three common types of elicitation?

Elicitation is an essential process in business analysis; it consists of discovering and acquiring information from various sources through communication, collaboration, and research. Knowing the types of elicitation is important when determining how to approach eliciting requirements or other information. According to IIBA(r), three common types of elicitation are recognized: collaborative research, collaborative workshops, and interviews.

  • Collaborative research is a type of elicitation where the business analyst takes part in joint research activities with subject matter experts (SMEs). Collaborative research can be an excellent way to build an understanding of complex requirements by working with people who have deeper domain knowledge.
  • Collaborative workshops involve a facilitated group session that enables the business analyst to collect requirements and ideas from a diverse group of stakeholders. This approach promotes collaboration and creativity, which can lead to more innovative solutions.
  • Interviews are one-on-one sessions between the business analyst and a stakeholder. They are ideal for discovering personal perspectives and preferences, clarifying ambiguous points, and gaining a deeper understanding of stakeholder needs. Interviews can be conducted in-person or remotely and can take on different formats such as structured, semi-structured, or unstructured.
  • While there are other types of elicitation such as observation, surveys, and document analysis, the three types mentioned above are some of the most commonly used in business analysis. Choosing the right type of elicitation will depend on the situation and the information that needs to be gathered to ensure that the elicitation event delivers the best possible results.

    ???? Pro Tips:

    1. Stay Vigilant: The most important tip to protect your sensitive information is to stay aware and alert during conversations. When someone you don’t know well or don’t trust starts asking you questions that seem out of context or too personal, it is important to take a step back and consider why they might be interested in such information.

    2. Reframe Questions: One way to protect your information during elicitation attempts is to reframe or redirect questions that seem suspicious. For example, if someone asks for specific details about your company’s security procedures, you can redirect the conversation to discuss general guidelines or practices instead.

    3. Seek Approval: Before sharing any sensitive information, make sure to ask for permission or approval from a higher-up or designated authority. This can help to prevent unwittingly giving away sensitive information to someone who may not have the appropriate clearance or need-to-know.

    4. Be Mindful of Non-Verbal Cues: Elicitation attempts can come in many forms, and sometimes they might not even involve direct questioning. When interacting with strangers or unfamiliar individuals, be mindful of the non-verbal cues they might use to try and elicit information. This could include body language, facial expressions, and other subtle signals.

    5. Limit Information: Finally, it is important to limit the amount of information you share with strangers or those who may have ulterior motives. This could involve sticking to pre-approved scripts or talking points during conversations, or simply being more selective in what details you disclose about yourself or your company.

    Three Common Types of Elicitation:

    Business analysis is an iterative process that involves gathering information from various stakeholders to determine the requirements for a software development project. Elicitation is the process of uncovering the underlying needs and constraints that are driving the need for the development of the software system. There are three types of elicitation methods recognized by the International Institute of Business Analysis (IIBA(R): collaborative elicitation, cognitive elicitation, and document analysis elicitation.

    Collaborative Elicitation involves working with the stakeholders to gather information about the project. This group of stakeholders can include project sponsors, end users, and others who have a vested interest in the project. This type of elicitation method involves a lot of collaboration between the stakeholders. The primary focus of this elicitation type is to identify the areas where the stakeholders have differing opinions or priorities. Once these have been identified, they can be used to create a comprehensive list of requirements for the project.

    Cognitive Elicitation is where the focus shifts to understanding how people think and make decisions. This type of elicitation is more geared towards understanding the mental processes that individuals use to make decisions. Understanding these processes can help to identify areas where there are gaps in the development process. This type of elicitation involves various techniques such as protocol analysis, task analysis, and observation.

    Document Analysis Elicitation is where the focus is on analyzing the existing documentation related to the project. This documentation can include policies, procedures, requirements documentation, and more. The analysis is focused on what is written in the documentation, rather than what is said. This type of elicitation can help to identify the gaps in the existing policies and procedures that may need to be addressed as part of the project.

    Techniques for Collaborative Elicitation:

    Brainstorming is a technique that can be used to generate a large number of ideas. Participants are encouraged to share their thoughts and ideas about the project. The focus is on quantity and not quality. This technique can help to identify areas where there is agreement and where there are differing opinions.

    Focus Groups are similar to brainstorming, but the focus is on gathering a group of stakeholders who have similar interests or perspectives about the project. The moderator of the group encourages open communication and fosters discussion, so everyone can share their opinions.

    Interviews are another technique that can be used to gather information. This technique enables the project team to ask questions of the stakeholders and get their perspectives on the project. The information gathered can be analyzed to identify common themes or trends.

    Techniques for Cognitive Elicitation:

    Protocol Analysis is where the analyst observes an individual as they perform a task. The goal is to understand the process that they use to complete the task. The analyst may ask the individual to think aloud and describe their actions as they perform them.

    Task Analysis is where the analyst breaks down a task into smaller components. The analyst studies each component to understand how each component is performed. The goal is to gain an understanding of the entire task, including the different approaches that can be taken to complete it.

    Observation is where the analyst observes an individual in their natural environment. The goal is to understand how the individual interacts with their environment and what triggers their behaviors. This technique can help to identify areas where the individual may need additional support to ensure their success.

    Techniques for Document Analysis Elicitation:

    Content Analysis is where the analyst reviews the documentation related to the project. The goal is to identify common themes and patterns in the documentation. The analyst may use software tools to assist in the analysis.

    Structured Document Review is where the analyst follows a predefined process for reviewing the documentation. The process includes a set of questions that are asked about the document. The questions are designed to ensure that all relevant information has been captured in the documentation.

    In conclusion, the three types of elicitation methods recognized by IIBA(R) are collaborative elicitation, cognitive elicitation, and document analysis elicitation. Each method has its own set of techniques and tools that can be used to effectively gather information about the project requirements. By using these methods, business analysts can ensure that they have a comprehensive understanding of the project requirements and can help the development team to build software that meets the needs of the stakeholders.