Social Engineering is a malicious, fraudulent activity performed with the intent to acquire sensitive information. Phishing can be performed through email communications while vishing is performed through telephone communications. RedLegg provides social engineering testing, to better your security posture and increase security awareness in your organization.
Benefits of Social Engineering performed by RedLegg include:
Gain insight into many of the risks faced within your enterprise by identifying shortcomings in your existing security program.
Prioritize the biggest threats to the organization and strategically plan the necessary roadmap to safeguard your organization.
Reduce the impact and likelihood of a successful breach and data exfiltration through testing and securing of your organization.
Show customers and stakeholders your commitment to securing and protecting the most valuable assets against various threat actors.
RedLegg’s Social Engineering engagement consists of one or more phishing or vishing campaigns, each consisting of one or more testing scenarios (waves) completed across six project phases. Depending on the length and depth of the engagement, certain steps may be repeated as additional campaigns or individual scenarios are requested or added to uncover further potential security awareness and vulnerability issues in the employee environment.
The RedLegg methodology can be summarized as follows:
After the campaign is complete, the RedLegg delivery team will gather the results for report creation. This phase will repeat for each campaign that is launched, and results in an email with the tabulated results attached.
RedLegg delivers a comprehensive report for all campaigns conducted, including an executive summary, long- and short-term planning tips, and training or remediation recommendations. This phase concludes the Social Engineering Engagement, and includes a conference call, if needed, for reviewing the report.
After the campaign is complete, the RedLegg delivery team will gather the results for report creation. This phase will repeat for each campaign that is launched, and results in an email with the tabulated results attached.
RedLegg delivers a comprehensive report for all campaigns conducted, including an executive summary, long- and short-term planning tips, and training or remediation recommendations. This phase concludes the Social Engineering Engagement, and includes a conference call, if needed, for reviewing the report.
Depending on the scope of your test, the following are potential deliverables and testing options:
Choose a phishing and/or vishing campaign to test your organization.
Choose the frequency of your campaign: quarterly, monthly, or a personalized frequency.
You may also choose between a blast or staggered email frequency.
Set your desired update type and frequency: weekly emails or weekly calls to discuss the progress of your test.
Choose from three levels of reporting: a basic deliverable consisting of tabulated results, an executive report as well as tabulated results, or a custom deliverable.
Choose a phishing and/or vishing campaign to test your organization.
Choose the frequency of your campaign: quarterly, monthly, or a personalized frequency.
You may also choose between a blast or staggered email frequency.
Set your desired update type and frequency: weekly emails or weekly calls to discuss the progress of your test.
Choose from three levels of reporting: a basic deliverable consisting of tabulated results, an executive report as well as tabulated results, or a custom deliverable.
RedLegg is an innovative, global security firm that delivers managed cybersecurity solutions and peace of mind to its clients.
RedLegg’s approach to information security protects the confidentiality, integrity, and availability of critical data based on a sound risk management framework. This approach allows organizations to engage business owners in defining acceptable levels of risk and to participate in the process for evaluating threats.
RedLegg’s ARMEE (Assess, Remediate, Monitor, Educate, Enforce) methodology institutes a lifecycle that allows for an ongoing process to continuously improve the security posture of the organization. This methodology is designed to be portable to all business, legal, regulatory, and security requirements of the organization. It is flexible enough to account for the constant flux in the market place, attack vectors, and protection mechanisms.
Reach out to our expert staff to dive into your security gaps and to protect your company from breaches.
DISCOVER MY SECURITY RISKS