The Risk Management process requires that Management identify, assess, measure, mitigate, and monitor those risks that may be present due to the type of services offered and the systems employed to deliver those services. Although threats are broad and variable, they can often be categorized as Internal or External. Internal threats include social engineering, terminated or disgruntled employees, vendors, viruses, chat programs, etc. External threats include browsers, unsecured modems, hackers, crackers, other unauthorized users, etc.
We will conduct a qualitative risk assessment. In a qualitative approach, we assign a rating to each risk and countermeasure that is derived from a consensus opinion of Reliant and the organization being tested. We will develop scenarios to lay out the possible threats and their potential outcomes.
Process
Reliant’s Social Engineering Testing service follows the basic process outlined below:
- Our security team will conduct a high-level review of the existing environment prior to any onsite work;
- Conduct vulnerability testing if required;
- Interview experts within the organization to identify assets;
- Develop risk scenarios;
- Identify threats from risk scenarios;
- Rank the seriousness of threats and estimate probability of occurrence;
- Rank effectiveness of various countermeasures;
- Write a report of all vulnerabilities, including remediation steps;
- Review the report with internal staff.