Social Engineering Assessment Services PA - PowerPoint PPT Presentation

About This Presentation
Title:

Social Engineering Assessment Services PA

Description:

Social Engineering Assessment - The old saying that you are only as good as your weakest point is absolutely true, especially when factoring in the "people" aspect of IT security. Regardless of technologies you implement or physical barriers you erect, the strength of your controls comes down to the training, awareness, diligence and honesty of your company insiders. Comprehensive security policies and security awareness training are fundamental controls within an effective security program.


Transcript and Presenter's Notes



1
Social Engineering Assessment - The old saying
that you are only as good as your weakest point
is absolutely true, especially when factoring in
the "people" aspect of IT security.
2
Social Engineering Assessment
Regardless of technologies you implement or
physical barriers you erect, the strength of your
controls comes down to the training, awareness,
diligence and honesty of your company insiders.
Comprehensive security policies and security
awareness training are fundamental controls
within an effective security program. Testing
these controls is also critical to validating and
improving program effectiveness.

Social Engineering Framework - Interactive Security's
Social Engineering Framework consists of three
A's: Analyze, Assessment, and Analysis. This
framework should be implemented yearly so that
clients can see whether they are improving or need
to take further action.
3
Social Engineering Framework Services PA
  • Analyze
  • First, we will Analyze the information which is
    deemed to be of value and to be the focus of the
    engineering phase. These items are typically
    sensitive or proprietary to company operations.
  • Assessment
  • Second, we will Assess all the information based
    on input from the Analyze Phase by utilizing only
    free, open source channels. The collection phase
    utilizes both automated and manual discovery
    processes.
  • Analysis
  • All collected information is manually inspected
    in detail for possible disclosure of sensitive
    information requested during the Identify Phase.
  • Intelligence Gathering
  • Phishing
  • Verbal Phishing (Phone/Voicemail)
  • Physical

4
  • Once information is found and analyzed, every
    finding is documented in a prioritized list.
    Interactive Security includes this list along
    with recommendations in the final report.
  • Social Engineering Scope Assessment Approaches
  • Each of Interactive Security's Social Engineering
    Assessments is broken down into either black box
    or white box methods. These assessment
    approaches are designed to give clients two
    different options for level of effort.
  • Black Box - In a black box style assessment, the
    social engineer begins the assessment with no
    prior information from the client, in order to
    see what types of intelligence (OSINT) they can
    find online. For these campaigns, the social
    engineer will gather E-mail addresses, phone
    numbers and information about the physical
    security controls to develop custom attack
    vectors.
  • Benefits of black box assessments
  • More realistic - Interactive Security's social
    engineers see what they can find without guidance
    from the client
  • Best method to simulate outside threats

5
  • White Box - During white box assessments, the client
    provides the targets they wish to be tested, such
    as phone numbers, E-mail addresses, and
    locations.
  • Benefits of white box assessments
  • Client controls what information and which
    employees they want assessed
  • Best method to simulate insider threats

6
Intelligence Gathering - Attackers utilize
intelligence gathering tactics against companies
to search for information that could be found in
job postings, employee social media accounts, or
even third-party associations. Once intelligence
is collected, they leverage it to create social
engineering campaigns. Interactive Security
utilizes the same tactics to gather
intelligence.

Phishing - Phishing has been the
starting point of many data breaches. It is
imperative that companies are continuously
training and testing for this style of attack.
Our Phishing Assessments test what percentage of
client employees will pass or fail a phishing
campaign.
7
  • Verbal Phishing (Phone/Voicemail) - Verbal
    Phishing is eliciting sensitive information via
    the phone. Interactive Security utilizes multiple
    approaches to gain information, such as spoofing
    phone numbers and impersonation, just as a
    malicious actor would. 
  • Physical - A Physical Assessment can validate
    clients' physical security controls in place and
    company policies or show them areas that need
    improvement.
  • Physical security controls that Interactive
    Security will assess
  • Video surveillance
  • Security guards
  • Locks
  • Company policies that may be tested
  • No tailgating policies
  • Question visitors who are not wearing guest
    badges
  • Dumpster diving
  • USB Drops

8
Interactive Security has a full suite of social
engineering assessment services that test all
aspects of your human control areas. Interactive
Security can customize these testing programs to
evaluate the risk of information disclosure,
using technical methods like online phishing,
staff impersonation, pretext calling and physical
control tests such as piggy-backing, lock
testing, and other physical entry methods.
9
Interactive Security, Inc.
Headquarters in the Greater Philadelphia Area
Call 2678242500
Email sales_at_intactsec.com
Website https://intactsec.com/
LinkedIn https://www.linkedin.com/company/interactive-security/