Social Engineering Assessment
Social engineering testing identifies real-world vulnerabilities from a human perspective by challenging individuals’ awareness of, and expected adherence to, security policies and their ability to resist specific social engineering techniques such as phishing attacks. Combining social engineering with a physical security assessment maximizes the effectiveness of this assessment.
The assessment reviews an existing social engineering training program and social media sites, and challenges individuals within the organization on security policy compliance from a technical and physical perspective. This includes:
- Phishing campaign: This involves generating “phishing campaigns” focused on requesting information through email, texting, faxing, and/or “snail” mail.
- Physical penetration: A combination of impersonation and exploitation of physical security issues.
- Specialized social engineering tests: This involves additional challenges to the human element, including USB drops, pure impersonation attacks, dumpster diving, input device manipulation, and other tests.
The human element is always the weakest link in any security system. All security systems can be defeated by a person acting in an unauthorized manner. A social engineering test validates how effectively individuals respond to hacking techniques directed against them or aiming to compromise them.