Social Engineering Testing

Security Assessment Risk Assessment IT Security Audit Penetration Testing Social Engineering Application Testing Policy Management Security Training

Products

Regulatory Compliance Software – TraceCompliance Manager Risk Management Software – Trace Risk Manager IT Audit Management Software – Trace IT Audit Manager Compliance Monitoring Software – TraceComply Vulnerability Scanner – TraceAssess Policy Management Software – TracePolicy Training Software – TraceTrain Vulnerability Alerting Software – TraceAlert Security Compliance Tools

Secure Communications – TraceTunnel Site Authentication – TraceAssure Multi-Factor Authentication – TraceAuthenticate

Industries

Credit Union Banking General Business / Retail Education Government Healthcare Electric Power

Resource / Media Center

Press Releases In the News Events Webcasts Customer Successes Whitepapers Video Testimonials

Company

Overview Management Board Contact Us Partners Careers Support

IT Security Compliance regulations and guidelines (GLBA, NCUA, FFIEC, HIPAA, etc.) require an organization to create an Information Security Program designed to protect confidential information, including Non-Public Personal Information (NPPI). Failure of employees to follow the security policies and procedures of the organization is a major vulnerability to an Information Security Program.

TraceSecurity has provided Social Engineering testing to hundreds of organizations throughout the world. During the Social Engineering testing, TraceSecurity experts attempt to manipulate an organization’s employees into allowing unauthorized access to confidential information. This allows the organization to test their Information Security Policy and their employees’ adherence to that policy. By hiring TraceSecurity to perform this test, the organization can identify failure points and train its staff in order to prevent an actual breach. TraceSecurity has designed techniques that can be performed both onsite and remotely.

During an onsite engagement, the TraceSecurity experts will use various techniques to gain physical access to obtain records, files, and/or equipment that may contain confidential information.

The onsite engagement techniques typically include:

Dumpster diving
“Trusted Authority” disguises, such as fire inspectors, air condition repairman, pest control employee, etc.

The onsite engagement tests for the following vulnerabilities:

Proper Disposal of Sensitive Data
Privacy Policy Awareness and Implementation
Institution Policy Adherence
Violation Reporting
Access Privileges
Sensitive Area Security
Device/System Compromise
Technical Preventive and Detective Controls

The remote Social Engineering engagement involves the manipulation of the organizations by telephone or email in an attempt to get employees to divulge user names, passwords, customer NPPI or other confidential information

The remote engagement techniques typically include:

Pretext Calling
Phishing
Email Hoaxes

The remote engagement tests for the following vulnerabilities:

Privacy Policy Awareness and Implementation
Institution Policy Adherence
Violation Reporting
Access Privileges
Privacy Filtering
Technical Preventive and Detective Controls

TraceSecurity’s Social Engineering results are provided through the TraceReport module of TraceCompliance Manager. The TraceReport module allows reports to be generated on demand.

White Papers

Related Solutions