Saturn Partners

• Home
• Services
  • SCADA Testing/Nerc Compliance
  • Computer and Network Forensics
  • Emergency Notification
  • Email and Social Engineering
  • Disaster Recovery and Business Continuity Planning
  • Network Security Policies
  • Security Assessments/Business Process Improvement
  • Vulnerability Assessments
  • VOIP Security Assessments
  • Regulatory Compliance
• Contracts &
  Certification
• Partners
• News
  • Video
• Contact Us

“

An updated and regularly tested network security policy is the core of every sound network security plan

”

EMAIL AND SOCIAL ENGINEERING SERVICES

At SPI, we know that frequently the biggest security "holes" involve the human aspect of business- namely, employees knowingly or unknowlingy divulging confidential employer information which could compromise the security of the client network and corporate environment. We have designed a two part strategy for our clients for Email and Onsite Social Engineering to investigate and correct this problem.

Email is a powerful social and business tool but one frequently abused/misused by employees. Many times the security breach is not malicious, but unintentionally done or carelessly done. Our intent is to email targeted personnel to attempt to get them to, through email contact, divulge bank information, customer information, etc. to our investigator. We work through several attempts, noting all actions and reactions of the targeted person, along with our line of inquiry and methods of inquiring sensitive information to them.

The remote Social Engineering engagement involves the manipulation of the organizations by telephone or email in an attempt to get employees to divulge user names, passwords, customer NPPI or other confidential information.

The remote engagement techniques typically include:

Pretext Calling

Phishing

Email Hoaxes

The remote engagement tests for the following vulnerabilities:

Privacy Policy Awareness and Implementation

Institution Policy Adherence

Violation Reporting

Access Privileges

Privacy Filtering

Technical Preventive and Detective Controls

If the client has employee security training, we would study this to test the targeted employee to ascertain their level of understanding of security responsibilities regarding /customer/sensitive information when attempting to gain unauthorized information. Full details are documented of all steps taken during this set of attempts, which could occur over days or a few weeks, depending on the reaction of the employee to the attempts. All findings would be documented in our usual fashion with a written and electronic outbrief of the findings and security risks we see posed by the reaction of the employee.

Onsite Social Engineering:

The onsite engagement techniques typically include:

Dumpster diving

“Trusted Authority” disguises, such as fire inspectors, air condition repairman, pest control employee, etc.

The onsite engagement tests for the following vulnerabilities:

Proper Disposal of Sensitive Data

Privacy Policy Awareness and Implementation

Institution Policy Adherence

Violation Reporting

Access Privileges

Sensitive Area Security

Device/System Compromise

Please contact us at info@saturnpartners.com for more information or contact us at 262-942-3626.

For more information contact us:

• cacrawf@saturnpartners.com
• Phone: 262-942-3626
• Fax: 262-694-8205
• www.saturnpartners.com

All contents © 2009 The Saturn Partners

Powered by VisualMedia