Castleforce IT Security Team

Social Engineering

Social engineering: Performed by our consultants to give a clear assessment of the organisation's security posture when faced with attacks that trick people into divulging sensitive information or performing actions on the attacker's behalf. Two types of testing are performed, as detailed below:

Remote: Attempt to gain access to systems by tricking staff into divulging confidential information, or into granting unauthorised physical or network access to business systems, and report the results.

On-site: Attempt to gain access to the physical premises, steal devices containing confidential information, and plant devices such as USB key loggers in order to gain access to systems both locally and remotely. On-site tests can be filmed using covert cameras to provide clear footage of the security gaps found, which can subsequently be used as reference material for internal IT security awareness training.


Social engineering is among the hardest forms of attack to defend against, because it cannot be prevented with hardware or software alone. A company may have rock-solid authentication processes, VPNs and firewalls and still be vulnerable to attacks that exploit the human element: the people who hold the credentials and operate those controls.

Social engineering can be broken into two types: human-based, relying on direct person-to-person interaction (in person or by telephone); and computer-based, using software such as e-mail or web-based phishing to automate the attempt to engineer information out of the target.

For example, an attacker may impersonate someone in the organisation (such as an IT administrator) and telephone employees asking for their passwords, claiming they are needed for maintenance work. The check staff should apply is simple: a legitimate administrator never needs a user's password, so any such request should be refused and reported rather than answered.



Social engineering is the acquisition of sensitive information or inappropriate access privileges by an outsider, based on building trust relationships that should never have been granted.

It exploits the human side of computing, using manipulation rather than technical flaws to trick someone into providing valuable information or allowing access to it.

Compliance Standards

Castleforce can help you meet PCI DSS

Requirement 11: Regularly test security systems and processes

12.1.3: Includes a review at least once a year

Castleforce can help you meet GCSx CoCo

2.4: Compliance Checking