Social engineering is a process to evaluate what many consider the weakest link in your information security posture; the human element. Social engineering leverages the human nature of curiosity and good will to lure someone into divulging sensitive information such as network credentials or to take actions that may allow network access. Email phishing, USB device drop and vishing (phone calls) are methods used to evaluate awareness and response by employees and the IT team.
A Physical Security Review is an evaluation of the measures taken to provide for the physical security of your organization’s information systems as well as client information and vital records maintained on other media. We review and assess eleven key issues within three broad areas critical to effective data facility security; Vital Records and Information Security, Administration, and External Conditions.