Information Technology and Infomation Security Consultants
Call PCSS @: 720-990-7556
Contact PCSS today to learn more about our Social Engineering services 720-990-7556.
PCSS offers Social Engineering testing to gauge how well an organization is aware and trained in not allowing access to systems and data by non-technical means. For IT Security social engineering we focus our program in two areas: obtaining network access during penetration testing, and obtaining facility access during site visits. Hackers find Social Engineering to be highly effective and the easiest way to get around well orchestrated technical controls. You probably have witnessed these types of attacks if you have received a call from someone claiming to be from Microsoft or Dell and wanting to help resolve a problem on your computer, or an email claiming that you have a FedEx package and you are not expecting one.
During penetration testing with authorization and coordination with the Client, PCSS uses social engineering tactics such as Vishing (phone calls), and Phishing (emails), phone impersonation, social site communications, and other methods as part of the penetration testing exercise to gain access to the network. Social Engineering activities are normally coordinated with the Client point of contact and the Contact Center to measure how well the organization performed in reporting suspicious activity.
For Physical Security related to Information Security, PCSS uses on-site Social Engineering tactics such as lost badge, piggy backing, dumpster diving, and posing as maintenance to attempt gaining physical access to systems. This normally includes attempting access to restricted areas of the network from within the Client facility such as telecommunications closets and data centers. Only methods previously discussed with, approved by, and coordinated with the designated contact are employed. Similar protocols to our penetration testing are used so that the Client is fully informed of the timing and methods to be used, PCSS has been given written authorization to proceed, and knowledge of the test is limited to those with a need to know.