Hackers like personal identifiable information (PII) and will take an opportunity to get files when they can. At least in our country, not protecting this kind of information is illegal.

Knowing that this information is important, we've created a file (HoneyDoc) with the name Organization_PII_Roster.doc that once opened, will alert my incident response team that someone is looking at something that they are not supposed to be looking at.

An example of enticement is that we've taken the file, placed it in an obscure human resources directory, and left the file in plain view of a potential hacker. Although the hackers know that going into systems and stealing information is illegal, they have a choice of either taking it or not taking it. We will know whether or not there is activity to investigate because that special file will either be opened or left alone.

An example of entrapment is that we've taken the file, placed it in an obscure human resources directory, and left the file in plain view of a potential hacker. Although the hackers know that going into systems and stealing information is illegal, they have a choice of either taking it or not taking it. However, you get on Tor, start posting the location of this file in the organization in multiple forums, wait for the file to be opened so you can attribute the person who exploited the network, and then go to court to prosecute them.