Physical Access Assessment
Many cyberattacks happen remotely, but sometimes it's what's on the inside that counts. A Physical Access Assessment is designed to physically penetrate your environment. Expected results may include:
- A "trophy" item taken from one of the locations tested
- Results of attempts to access the network inside the target location
- Descriptions of flawed physical security processes that led to a compromise
- Photographic or other evidence that unauthorized access to sensitive areas took place
Methods that DJPaA may use to attempt to penetrate your environment include:
- Identifying personnel within your organization who may have sensitive information
- Examining public information found on the Internet, including that of employees, vendors, business partners, or other trusted individuals or companies
- Impersonating trusted individuals from your organization or other companies
- Phone, email, text message, message board, or other communications with your employees
- Reconnaissance of information about the company that may lead to attack escalation
- Asking an employee to perform tasks that are intended to provide proof-of-concept for a compromise of your environment
- Physically entering a sensitive area inside your environment DJPaA will make multiple attempts, using different methods, to compromise your environment. The results of these attempts will display the general security posture of your organization.
A Physical Access Assessment is generally performed in a non-putative manner, in order to identify the flaws in your process rather than call attention to the actions of individuals. However, in some cases, it may be appropriate to formally discipline individuals who performed significantly worse than the overall security posture would indicate.
Testimonials