Physical Penetration Test
Secure Ideas understands the importance of ensuring your physical environment is as secure as your digital environment. We will perform an assessment of physical controls by identifying vulnerabilities and weaknesses in employee awareness and procedures, electronic access and surveillance systems, and within the physical access systems. Secure Ideas will attempt to remove equipment or sensitive client data at physical locations and reach the lobby with the equipment and/or data. The primary objective of the physical penetration test is to identify weaknesses on procedures, employee awareness, and physical controls that prevent unauthorized physical access to sensitive systems or information within the corporate facilities
Some of the techniques utilized by Secure Ideas include:
- Manipulation of electronic systems
- Social engineering and deception
- Infiltration and tailing gating
- Identification forging
- Active eavesdropping
- Dumpster diving
- Lock picking/bumping and lock system bypass
In the process of testing, Secure Ideas may be required to temporarily pose as “attackers”, simulating potential adversaries. Real world adversaries are not constrained by a set of rules of engagement nor concerned about negative impacts to the organization. While Secure Ideas takes every precaution and measure to avoid negative impacts while posing as attackers, the physical and social engineering attack techniques necessary for physical penetration testing become more direct and may require interactions with security personnel and staff members.
In order to minimize the impact of physical testing, Secure Ideas will require two emergency contacts that can be called at any time during the testing to ensure interactions are not unnecessarily escalated. It is also equally important that security personnel and staff members are not informed of any specifics of the physical penetration testing, or the individuals performing the testing, in order to ensure an accurate assessment of the physical controls. Prior to the physical penetration test, Secure Ideas will need to meet with a minimum of two client staff members to review the rules of engagement, scope of the testing, and procedures for contacting appropriate staff members in the event of a security incident.