Why VISTA InfoSec

Detailed analysis

The level of advice is not just the ‘gap’, but ‘how to do it’ as well.


  •  "We have partnered with VISTA InfoSec for assisting us in implementing a combined ISMS framework encompassing the ISO 27001 and PCI DSS guidelines for our business. Their domain expertise and consultative solution driven approach were key to address the IT security risks arising from our complex processes. We greatly appreciate their inputs for helping our team prepare; and train for the final compliance audits; and are sure to engage VISTA InfoSec for any of our future initiatives."
    Karthik Ganesan, VP – Operations, Billdesk (Indiaideas)
  •  "We are honored to have this great business relation with your organization.
    We appreciate the most your initiative to build the relation with our organization based on trust before jumping to the legal procedures.
    Plus your continuous support & cooperation to make us earn this valuable certification (ISO27001)."
    Mr. Abdulla H. Al Hammadi, Chief Operating Officer, Electronic Document Centre, Dubai.
  •  "VISTA InfoSec has helped us immensely in making some of the difficult choices related to IT infrastructure, their advice at times has been superior to leading IT infrastructure services providers"
    Dhaval Thakkar, D.GM.IT, Lodha Group
  •  "When Khaitan & Co signed on Vista, the Firm was looking for an expert in the IT Policy setting area who will be able to give us sufficient time and complete the project in a time-bound manner. Overall we are very satisfied with the services rendered by Vista. Their experts have enough information and in-depth knowledge of the industry and have guided us in several areas other than the mandate as well. We will definitely consider them for future projects for their honest and professional approach and usefulness of their deliverables."
    Mr. Nilanjan Ghose, COO, Khaitan & Co.
  •  "Good knowledge about the standard - earlier and new version - along with all that goes on in the IT world be it technology, O/S, various tools, security sites, etc"
    Mahindra Ugine Steel Company
  •  "NASSCOM’s applications are complex and built on multiple platforms so as to meet the demands of our broad and dispersed member base. Additionally, these applications are developed and maintained by various partners. Being the entity that we are, it becomes very important that we maintain utmost security for our members. VISTA InfoSec helped us in analysing our applications and identifying vulnerabilities. Their support and commitment is outstanding."
    Ameet Nivsarkar, Vice President, NASSCOM
  •  "To implement our ISMS, we chose Vista as our partner based on their expertise. Their functional knowledge and technical expertise was evident in the solution they designed and deployed for us"
    Samir Dadia, Director, Saama Technologies (I) Ltd.
  •  "We have been working with VISTA InfoSec for more than one year and we find them to be one of the most competent, thorough and most importantly - proactive professionals in their field of work"
    Mr. Anantha Krishnan, IT Head, Siyaram Silk Mills

Social Engineering

Humans are one of the most fragile links in the security of an organization. Social engineering is a term that describes the non-technical intrusion into your business environment that relies on human interaction, often involving tricking people in order to break normal security policies. Social engineering techniques include everything from phone calls with urgent requests to people with administrative privileges to viruses lurking behind email messages that attempt to lure the user into opening the attachments.

Our team can help your organization identify social engineering weaknesses, highlight gaps in the security awareness of your employees and then train your employees to help them become more conscientious about network security.

Before the start of our assignment, we work closely with the client to agree on specific and measurable test objectives. The test objectives are tailored to test specific policies and processes within your organization. This is an excellent way for you to test the effectiveness of your security awareness training program, or to lay the foundation for creating an awareness program.

The types of social engineering testing we can provide:

  • Our team shall perform Social Engineering phone calls to individuals within the organization. Targets will include individuals from the help desk, IT department, human resources, finance, and other departments within the organization. The objective of these calls will be to induce the users to divulge sensitive information over the phone in violation of company policy.
  • Carefully crafted emails will be sent to individuals and groups within the organization in order to attempt to entice the user to click on an external link that will either attempt to gather sensitive information or deliver a malicious payload onto their desktop system which could include browser and operating system buffer overflows, trojan horses and keystroke loggers.
  • USB Flash drives and CD-ROMs with enticing labels such as "Payroll" will be left in public areas such as hallways, restrooms, and break rooms. The media will contain simulated malicious code that will attempt to grab sensitive host information such as the network configuration, list of running processes, and a password hash dump.
  • "Dumpster Diving" - Our team will search internal trash receptacles and external dumpster and disposal areas for sensitive documents and flash, magnetic or optical media that is disposed of in violation of company policy.

Regardless of the type of social engineering testing performed, upon completion we will provide a detailed report about the policies that were tested and the result of each attempt. Our approach is built on knowledge sharing and understanding so that you can improve your future security posture by raising security awareness amongst your staff.

Contact us for a Social Engineering "value add presentation" and detailed deliverables for your organization.