SOCIAL ENGINEERING
During this phase of the engagement, Security Compliance Associates will perform social engineering, attempt to penetrate nonpublic areas of the facility during and after business hours, attempt to gain access to employees’ desktop computers, attempt to gain access to sensitive documents and information stored on other media, and conduct pretext calling and e-mail phishing to test and evaluate employee awareness and response. Exercise may include various costume guises, official business pretense and third party ruse.
SCA conducts elements of social engineering, during each on-site visit. A typical full program may entail 3 to 4 on-site visits, allowing for a more thorough evaluation. Clients that contract for individual services such as an Internal Assessment, may expect only one series of exercises. These services are generally included in the project scope, however, SCA will provide quotes for stand alone social engineering assignments.
