Comprehensive Security Assessments

TraceSecurity has provided Social Engineering testing to hundreds of organizations throughout the world. During the Social Engineering testing, TraceSecurity experts attempt to manipulate an organization’s employees into allowing unauthorized access to confidential information. This allows the organization to test their Information Security Policy and their employees’ adherence to that policy.

Compliance Overview

IT Security Compliance regulations and guidelines (GLBA, FFIEC, FDIC, NCUA, OCC, OTS) require an organization to create an Information Security Program designed to protect confidential information, including Non-Public Personal Information (NPPI). Failure of employees to follow the security policies and procedures of the organization is a major vulnerability to an Information Security Program.

 

Solution Overview

TraceSecurity has designed techniques that can be performed both onsite and remotely. When onsite, the TraceSecurity experts will use various techniques, such as “Dumpster diving” and “Trusted Authority” disguises, to gain physical access and obtain records, files, and/or equipment that may contain confidential information.

Some of the services included in TraceSecurity's Onsite Social Engineering Engagement include:

  • Pre-Engagement Setup with Client (includes Project Planning, Scope, Defining Rules of Engagement, Information Gathering)
  • Spoof Emailing (if applicable)
  • Onsite Testing to test for:
    • Employee Security and Privacy Policy Awareness & Adherence
    • Proper disposal of Sensitive Data
    • Access Privileges
    • Sensitive Area Security
    • Device/System Compromise
    • Technical Preventive & Detective Controls
    • Violation Reporting
  • Present Preliminary Findings to Client Core Team through Exit Interview

Additional Options

The PREMIUM level of both the Onsite and Remote Social Engineering Engagement also includes training material provided in an extensive recorded ‘Flash’ module.

Customers opting for a PREMIUM Social Engineering Engagement may choose to receive unlimited access to TraceSecurity Compliance Manager with the following benefits:

  • TraceTrain - Automated Learning Management System and Training Management, including access to Security Awareness Training content

 

The Onsite Social Engineering test results are provided in an extensive report containing:

  • Project Overview
  • Social Engineering Test Methodology
  • Executive Summary
  • Business and Technical Risks & Recommendations
  • Details & Exposure of Vulnerabilities
  • Recommendations and Counter Measures
  • Appendix Examples

 

TraceSecurity’s Social Engineering results are provided through the TraceReport module of TraceCompliance Manager. The TraceReport module allows reports to be generated on demand.

 

Remote Social Engineering Engagement

When the social engineering engagement is performed remotely, TraceSecurity experts will employ tactics like Pretext Calling, Phishing and Email Hoaxes in an attempt to get employees to divulge user names, passwords, customer NPPI or other confidential information.

Some of the services included in TraceSecurity's Remote Social Engineering Engagement include:

  • Pre-Engagement Setup with Client (includes Project Planning, Scope, Defining Rules of Engagement, Information Gathering)
  • Remote Social Engineering (dependent on the scope)
  • Computer Based Testing through Email Spoofing and Phishing Simulation
  • Phone Based – Pretext Call Testing (dependent on the scope)
  • Other Social Engineering Tests (dependent on the scope)

 

Additional Options

The PREMIUM level of both the Onsite and Remote Social Engineering Engagement also includes training material provided in an extensive recorded ‘Flash’ module.

Customers opting for a PREMIUM Remote Social Engineering Engagement may choose to receive unlimited access to TraceSecurity Compliance Manager with the following benefits:

  • TraceTrain - Automated Learning Management System and Training Management, including access to Security Awareness Training content

 

The Remote Social Engineering test results are provided in an extensive report containing:

  • Project Overview
  • Social Engineering Test Methodology
  • Executive Summary
  • Business and Technical Risks & Recommendations
  • Details & Exposure of Vulnerabilities
  • Recommendations and Counter Measures
  • Appendix Examples

 

TraceSecurity’s Social Engineering results are provided through the TraceReport module of TraceCompliance Manager. The TraceReport module allows reports to be generated on demand.

Mitigating IT Security Risks with Penetration Tests