Chapter 4 and past chapters discussed about operational security, like Spear Phishing. Aimed specifically at high-level corporate users whose credentials could be used for high-level attacks.  Typically comes from a user that you think you know. Discuss why the social engineering method works and 
also please explain how DHS should handle the situation described in the preceding paragraph.