Your security is our responsibility

 

 


 


Our engineers have extensive experience and a wide scope of qualifications. We keep continually in touch with skill advancements and endeavour to maintain a competitive edge by staying ahead of emerging technologies.

Certifications - CISSP, CISM, MCSE, MCSES, MCSEM, CEH, CEF and CCNA.

CIW Security Analyser
MCSES
CISSP Certification

Social Engineering Security Assessment

The term "social engineering" has been used for years by hackers to describe the technique of using persuasion and/or deception to gain access to information systems. Such persuasion and deception is typically implemented through human conversation or other interaction. The medium of choice is usually the telephone, but the approach can also be delivered via an email message, a television commercial, or countless other media for provoking a human reaction. (Consider a floppy drive or CD labelled "Payroll" and left in a hallway or restroom within an organisation. On the media is malicious code. Would anyone in the organisation insert this media into their computer and access the contents?) We will perform the type of social engineering most appropriate for your organisation.


Our methodology mirrors our approach to security assessments. We begin with target identification and information gathering, followed by exploitation attempts. We systematically apply these principles in a customised approach which depends on the objectives of the particular situation. We work closely with our client to define the test scenarios. The test scenarios are tailored to test specific policies and processes within the client's organisation. Some organisations may have incident response procedures in place to report suspicious phone calls.

GNS can test these procedures by making obvious attempts at gaining confidential information without proper authorisation. This is an excellent way to test the effectiveness of a security awareness training program, or to lay the foundation for creating an awareness program.

Three common attack vectors we have identified include:

  • Phone calls to individuals within the organisation. This will normally include the helpdesk and specific individuals that are identified as critical company personnel.
  • Carefully crafted phishing emails targeting specific groups or individuals that would attempt to coax information from the recipient.
  • A floppy drive or CD with an enticing label such as "Payroll" or "Quarter-end Preliminary Results" that is left in a hallway or restroom in specifically targeted locations. On the media will be malicious code.

 

Regardless of what type of social engineering testing is finally agreed upon, when we complete the testing, we will provide a detailed report about the policies that were tested, and the results of each attempt.