Vigilar Delivers Enhanced Version of its Social Engineering Assessment Services; Key Asset Identification Becomes Preliminary Component of Vigilar's Social Engineering Assessment Services.

ATLANTA -- Vigilar, the leading information security consulting firm, announced today that it has delivered a more comprehensive version of its Social Engineering Assessment Services. Social Engineering is the process of exploiting weaknesses in personal interaction to gain access to equipment, data, or sensitive material within an organization. Vigilar has conducted social engineering assessments as part of establishing optimal security postures for its clients since 2003, and as a result of this experience has developed an organization-wide and more methodical approach to social engineering engagements.

By their very nature people are trusting beings, which makes for good social interaction amongst trustworthy people. In business, however, when a person's trust is exploited, company data, information, and property are at risk. As part of Vigilar's Social Engineering Assessment Services, clients engage Vigilar to assess their organizations' security posture through attempts to gain access to secured items through employee interaction. Secured items can include copies of confidential documents, access to internal data networks, and access to physically secured equipment.

"Social engineering is fast becoming part and parcel to our clients' overall information security strategy," said Palaniswamy (Raj) Rajan, Vigilar's President and CEO. "The face of the hacker has changed from an individual who simply wanted bragging rights to international organized criminals who penetrate organizations for financial gain. The attacker has become more sophisticated and cunning, and organizations need to maintain a high level of awareness or else fall victim. The bottom line is that you can have all the right technology in place, installed correctly and optimally running, but if your employees are uneducated or if policies and procedures are not stringent or upheld, your assets are at just as much risk as if you were not running any information security technologies at all."

One enhancement made to Vigilar's Social Engineering Assessments is the identification, prior to the start of this social engineering engagement, of the client's key assets needing the highest level of security. Vigilar added this component after several engagements where clients had misidentified their most valuable asset.
For example, several clients assumed that their key asset was the network itself, when in reality it was neither the network nor the data on the network - it was specific consumer data housed within a singular component on the network and multiple filing cabinets throughout the company. After identifying key client assets, Vigilar's consultants then focus on vulnerabilities in acquiring those assets.

In one example, a client whose goal was to better secure its assets, which it had determined from the start to be customer data, engaged Vigilar to find out if and where its vulnerabilities lay.

Continued Rajan, "Two of our ethical hackers gained entry into a satellite office and the company's headquarters, both of which were secured quite well with badge-only access and security guards. We then accessed their network via a computer set up for one of our ethical hackers by a helpful receptionist. Within the few hours our ethical hackers spent at the client's headquarters and while most of the office was out to lunch, they photographed numerous sensitive documents that were lying unsecured on employee and executives' desks.

"We follow up all social engineering engagements with a detailed report and plan for remediation. In this case, we installed two new technology solutions, provided training and worked with their CISO to rewrite policies and procedures. This example underscores the need for all organizations to continuously question whether they have established and are maintaining an optimal security posture."
Enhancements to Vigilar's Social Engineering Assessment Services also include the continued build out of its assessment team with skilled experts, one of whom had top security clearance from the US Federal Government.

Ten Tips to Thwart Social Engineering Attempts

Training employees to have a healthy skepticism of others:

--Employees should never announce on outgoing voicemails that they are out of the office and not checking voicemail or email - these individuals become the target of impersonations.
--Presenting a business card should not serve as sufficient evidence that a person is a company employee or partner. Always verify affiliations.
--There is usually a good reason why someone's badge is not working in a card reader.
--All visitors should be escorted at all times.
--Internal 'help desk' professionals do not have use for individual user IDs and/or passwords.
--Never use a password that is less than eight keystrokes.
--Passwords should always have letter and number combinations.
--Employees should never use the names of their children as passwords.
--Organizations should conduct ongoing security awareness training and randomly test employees against it.
--Go back to the basics: Enforce a clean desk policy. Secure sensitive printed documents and lock computers while away from desks or overnight.

About Vigilar

Since its inception in 2000, Vigilar, the leading information security consulting firm, has focused solely on establishing organization-wide optimal security postures for its clients.
Vigilar's security expertise is all-encompassing and includes regulatory compliance services, risk assessments, IT security audits, managed security services, security architecture design, product selection and delivery, implementation services, technical support, and IT and security training. Vigilar partners with more than 100 leading security technology innovators to meet the diverse needs of its client base, which numbers in the thousands and spans a broad range of industries. To learn more about Vigilar, visit www.vigilar.com.