Social engineering testing involves the attempted manipulation of an organization's employees into allowing unauthorized access to confidential information. This provides insight into how effective the organization's policies and procedures are at mitigating social engineering threats, how well the employees adhere to established policies and procedures, and the level of security awareness that exists among employees.
Information security compliance regulations and guidelines (FDIC, FFIEC, GLBA, HIPAA, HITECH, NCUA, OCC, PCI DSS) require an organization to create an information security program designed to protect confidential information, including Non-Public Personal Information (NPPI). Failure of employees to follow the security policies and procedures of the organization is a major vulnerability to an information security program.
TraceSecurity is considered the top authority in social engineering testing. Our expert analysts have conducted hundreds of social engineering engagements for companies across a wide range of industries. We also provide a cloud-based solution to address all the necessary functions associated with security training and policy management.
TraceSecurity has designed test methods both onsite and remotely. When performed remotely, our experts employ tactics, such as pretext calling, phishing and email hoaxes, that attempt to get employees to divulge user names, passwords, customer NPPI or other confidential information.
Onsite test services include:
Remote test services include:
Test results (for both on-site and remote engagements) are provided in an extensive report containing:
Options (for both on-site and remote engagements):