Security Awareness Assessment

The capabilities of employees and contractors to perform their work in a secure manner and respond appropriately to threats is essential to maintaining an effective security posture.  Through a Security Awareness Assessment, organizations gain an understanding of how personnel perform in the face of threats and train them on how to improve.

This assessment consists of four main phases:

1. Open Source Intelligence Report

   Information about your organization that already available online that malicious actors can research to craft social engineering attacks. Information includes leaked credentials, company personnel details and contact information, and any potentially proprietary information about the organization that is found in publicly accessible locations.

2. Targeted Phishing Campaigns

   Employees are targeted with phishing campaigns tailored based on information gathered from the open source reconnaissance efforts.  Multiple rounds of phishing are conducted with different messages and detailed reactions by personnel are captured and analyzed.

3. Security Awareness Training

   A presentation is made either in-person or through webinar providing actionable information for organization employees and contractors on secure work practices.  Results from the phishing campaigns are shared as a way to provide real world examples of attack scenarios and to drive engagement.

4. Ongoing Awareness Improvement

   Further phishing campaigns are conducted post-training to cement the principles learned in the training and measure improvement in security awareness performance.  Results of these campaigns and awareness trend analysis are provided to management.