9.6. Learning from Social Engineering Audits
If you have ever broken a limb you know that as you recover your doctor may send you for therapy. As therapists rehabilitate you, you may undergo some stress testing. This type of testing enables your doctors to see whether you have weaknesses that need to be strengthened. The same applies for your business, except instead of waiting for the "break" to occur before you "test," social engineering audits enable you to stress-test your company before a breach occurs.
The following sections answer a few key questions when it comes to social engineering audits and how to choose the best auditor. Before getting into the depth of social engineering audits, you should know what an audit really is.
9.6.1. Understanding What a Social Engineering Audit Is
In the most basic terms a social engineering audit is where a security professional is hired to test the people, policies, and physical perimeter of a company by simulating the same attacks that a malicious social engineer would use. The two main differences between a malicious social engineer and a professional auditor are:
Usually, moral and legal guidelines exist that a professional auditor will follow.
Get Social Engineering: The Art of Human Hacking now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
