Social Engineering Assessments

A social engineering assessment identifies and exploits vulnerabilities that an attacker could use to gain unauthorized access to internal systems through the application of social engineering attacks on employees or social media properties.

A social engineering assessment imitates the attack techniques and delivery packages an attacker would use to trick your employees into giving out confidential information or unintentionally cross the line into unsafe Internet behaviors.

Our social engineering assessments identify and validate vulnerabilities associated with your employees' use of email and social media.

These tests can be conducted in a variety of fashions:

• As a subset of the scope of a security program assessment or penetration test.
• As a one-time standalone test to evaluate the current state of security awareness and user related controls.
• As an ongoing test of security awareness and user controls.
• As part of a compliance program implemented to meet HIPAA/HITECH, PCI, and/or FFIEC/GLBA obligations.

Regardless of the scope or purpose of the test we use social engineering tests to answer questions such as:

• How effective are information security training and awareness programs?
• How easy is it to gain senstive information from trusted users?
• How easy is it to motivate trusted users into untrustworthy behavior?