Social Engineering

A detailed insight into how effective the organization’s policies and procedures are at mitigating social engineering threats.

Social Engineering Testing

Social engineering testing involves the attempted manipulation of an organization’s employees into allowing unauthorized access to confidential information. This provides insight into how effective the organization’s policies and procedures are at mitigating social engineering threats, how well the employees adhere to established policies and procedures, and the level of security awareness that exists among employees.

Rudrah LLC Security Solution

Rudrah LLC Security is considered the top authority in social engineering testing. Our expert analysts have conducted hundreds of social engineering engagements for companies across a wide range of industries. We also provide a cloud-based solution to address all the necessary functions associated with security training and policy management.

Rudrah LLC Security has designed test methods for both onsite and remote engagements. When onsite, Rudrah LLC Security experts use various techniques, such as “Dumpster Diving” and “Trusted Authority” disguises, to gain physical access and obtain records, files, and/or equipment that may contain confidential information. When testing remotely, our experts employ tactics, such as pretext calling, phishing and email hoaxes, that attempt to get employees to divulge user names, passwords, customer NPPI or other confidential information.

Key Service Activities

Onsite test services include:

  • Pre-engagement setup with client (includes project planning, scope, defining rules of engagement, information gathering)
  • Spoof emailing (if applicable)
  • Onsite testing for:
    • Employee security and privacy policy awareness and adherence
    • Proper disposal of sensitive data
    • Access privileges
    • Sensitive area security
    • Device/system compromise
    • Technical preventive and detective controls
    • Violation reporting
  • Present preliminary findings to client core team through exit interview

Remote test services include:

  • Pre-engagement setup with client (includes project planning, scope, defining rules of engagement, information gathering)
  • Remote social engineering (dependent on the scope)
  • Computer-based testing through email spoofing and phishing simulation
  • Phone-based – pretext call testing (dependent on the scope)

Test Results

Test results (for both on-site and remote engagements) are provided in an extensive report containing:

  • Project overview
  • Social engineering test methodology
  • Executive summary
  • Business and technical risks and recommendations
  • Details and exposure of vulnerabilities
  • Recommendations and countermeasures
  • Appendix examples

Options

Options (for both on-site and remote engagements):

  • On-demand generation of reports for audit, board and technical staff
  • Training material provided in an extensive recorded ‘Flash’ module
  • Automated learning management system and training management (includes access to security awareness training content)

Talk to An Expert

Rudrah LLC offers custom security assessment options tailored to your organization’s needs and budget, including a security assessment that is performed remotely. Contact us today!