ABSTRACT

Social engineering testing is a new undertaking for many organizations. To add a new level of realism to the testing, as IT professionals progress to the third level they get an employee to join the testing team. The alternative is for a member of the testing team to take a long-term assignment by getting a job in the target organization. For social engineering testing purposes, IT professionals are interested in as much detail as possible about the potential target's information and systems. Reporting is often at a number of levels and may include the development of presentations in addition to the usual written report. In addition to the overall specification and exclusions, a report should clearly explain the testing methodologies used. Following initial contact, targets can be profiled according to their usefulness to an attacker. If users do not have access to the most critical information, then an attacker cannot trick them into sending it.