Social Engineering Testing
Security practitioners have always understood the relationship between security controls and the people that operate or otherwise interact with them.Portcullis has a long track-record of working with clients to understand where security controls are weakened or inadvertently bypassed through human interaction. Social engineering is one evaluation strategy in this space, with options for on-site, telephone and Internet based exercises. Example exercises include attempting to gain access to premises and conducting controlled phishing attacks.
Social engineering testing isn’t the only way to evaluate the human impact on security and it can be combined with audit, interviews and other exercises to provide a clear picture of human derived security weaknesses.
Benefits of social engineering testing
- Identifies weaknesses within the organization.
- Measures the effectiveness of your security awareness programs.
- An understanding of real-world risks posed to the organization from the perspective of an attacker, going beyond the limitations of automated scanning.