Your Partner for a Secure Future|secureme@swordshield.com|(800) 810-1885

Services
- Security Services
  
  Our enterprise-wide security solutions meet the most demanding security requirements of IT environments, reducing security risks against your entire organization.
  
  Managed Security
  
  24/7 Security Operations Center
  
  Digital Forensics
  
  Mobile Forensics
  
  eDiscovery
  
  Incident Response
  
  Sensitive Data Discovery
  Security Assessments
  
  Are you a target? Are you prepared? Sword & Shield is equipped to help you answer these questions and implement the necessary protocols to protect your company's valuable data.
  
  Security Assessments Overview
  
  Penetration Testing
  
  Web Application Assessment
  
  Social Engineering
  
  Data Breach Threat Analysis
  
  Purple Team Assessment Service
Compliance
- Compliance & Risk
  HIPAA Compliance
  
  We assist you in demonstrating your HIPAA compliance with our HCP Trustmark.
  
  Find out more
  
  PCI Compliance
  
  We help you plan, analyze, track and monitor your PCI compliance program.
  
  Find out more
  
  HITRUST Certification
  
  Our certified practitioners remove the uncertainty of HITRUST to make compliance less "painful."
  
  Find out more
  
  Experian EI3PA Compliance
  
  We assess your credit information system's compliance with Experian standards.
  
  Find out more
  
  NIST/DFARS Compliance
  
  We set you on a clear and faster path to fulfilling government standards and controls.
  
  Find out more
  
  Cyber Insurance
  
  We mitigate risk through comprehensive cyber liability and data breach specialty insurance.
  
  Find out more
Solutions
- Enterprise Solutions
  
  Access an entire team of security professionals for less than the cost of one. Our approach helps ensure that security and compliance measures are properly factored into your business and technology decisions while at the same time keeping your budget on track.
  
  Enterprise Solutions
  
  Virtual Chief Information Security Officer
  
  Virtual Security and Compliance Consultant Subscription
  
  Strategic Security Assessment
  Products
  
  Browse our full line of enterprise-class security products. We offer solutions in authentication, encryption, wireless security, and security management.
  
  Find Out More
  Products Renewal Program
  
  Through our Products Renewal Program we oversee and manage the renewal and maintenance of all of your licenses and contracts giving you a single point-of-contact.
  
  Find Out More
Federal
Training
Resources
Company
- About Us
- Clients
- Contact Us
- Events
- Careers
- Awards

Security AssessmentsSocial Engineering

title bar pixelated squares - Social Engineering

Sword & Shield uses Social Engineering exercises to determine your company's overall security awareness, physical security, and risks for leaking information to unauthorized persons.

Sword & Shield performs Social Engineering exercises in an attempt to trick employees into divulging confidential information that may be used to compromise network defenses. This form of security assessment targets people and processes instead of technology.

The Sword & Shield Approach to Social Engineering

We work with clients to define the targets, location and type of social engineering to be employed. The end results can provide vital security awareness training to employees and produce vital data for reducing risk. Our Social Engineering consists of three equally important parts:

Targets – persons from whom the security analyst will attempt to extract sensitive information,
Means – resources used to extract sensitive information from the target; can include telephone, e-mail, fax, text messaging and face-to-face communication, and
Sensitive Information – the scope of data the security analyst will attempt to extract from the target; ranges from user login credentials to network design specs.

Types of Social Engineering Exercises

Phishing – Sword & Shield analysts work with the client to create a targeted phishing message from a supposedly trusted source. Sword & Shield tracks the open and click through rate and follows up with employees that inadvertently reveal information.
Pre-Texting – Sword & Shield analysts make phone calls impersonating someone with perceived authority or privilege in order to gather key information like user names, passwords, access codes, etc.
Baiting – Sword & Shield analysts leave a USB flash drive or other form of mobile storage media in an open area in order to identify employees that attempt to use the device, and those who turn it in to the appropriate department.
Tailgating (or Piggy-backing) – Analysts attempt to bypass physical security at client sites in order to roam unescorted, looking for open offices and/or unsecured workstations.

Questions Our Report Will Answer

How effective is my security awareness training?
How effective is my physical security?
What is the risk that confidential information can be leaked?

Security Awareness Testing results and analysis are presented in a comprehensive report. The report details the vulnerabilities present and/or exploited using social engineering techniques. In addition to describing the current security posture, the report provides recommendations for improving security and reducing risk.

Real Success Story

As part of a social engineering exercise for a large U.S. manufacturing firm, Sword & Shield analysts determined that the help desk did not require employees to provide any type of authentication to reset their domain account password. Using this knowledge, the Sword & Shield team successfully contacted the firm’s help desk and had the password changed for a senior director. The Sword & Shield team then accessed the firm’s internal network using the compromised account in conjunction with the firm’s remote access VPN.

Based on Sword & Shield’s findings, the manufacturing firm updated the help desk policies and procedures, introduced annual security awareness training for all employees, and implemented two-factor authentication for the remote access VPN. Sword & Shield’s Social Engineering exercise helped the manufacturing firm identify the need for employee security awareness training.

Security Assessments

Your organization’s reputation is one of its most valuable assets. Sword & Shield’s comprehensive suite of Security Assessments can expose your hidden risks and vulnerabilities and help you develop a plan to reduce your risks and prepare for attacks targeting your valuable data.

Find Out More

Datasheet Download

Security Assessments Data Sheet

Expose Your Hidden Risks and Vulnerabilities

Request a Free Consultation for our Security Assessment services.

Request Consultation

Featured Additional Security Assessment Services

Sword & Shield provides a wide variety of security assessment related services for our clients. The following list provides an overview of some of the most common services we perform. For more details about these services or other services we perform, contact us today.

Database Security

Our engineers are experienced in auditing Oracle, Microsoft SQL, Notes, and several other database management system products. Among other things, Sword & Shield security engineers analyze authentication and authorization controls in the database system for least-privilege access controls and audit traceability. Emphasis is placed on matching the degree of security with the business and operational needs.

Firewall Audit

A Sword & Shield Firewall/Router Audit thoroughly evaluates the rule base for known security risks and policy violations. As a first line of defense against attacks, firewalls and routers must be implemented and maintained properly. Our Firewall/Router Audit provides a detailed analysis that reduces risks and increases perimeter security.

Mobile Application Assessment

Our Mobile Application Assessment, when combined with our Web Application Assessment, provides a comprehensive assessment of the security of the web application and the mobile devices used to interact with the application. The service analyzes the network transmissions and forensically analyzes the mobile device(s) used.

Phone Sweep

Sword & Shield performs a sweep of the telephone address space to detect unauthorized modems and authorized but insecure modems. We can perform a phone sweep as a stand-alone service, or as part of another service, such as an external network vulnerability/penetration test.

Security Architecture Review

The Architecture Review and Design process is coordinated through a client project manager and includes a set of structured interviews. These interviews and reviews focus on business areas supported by the network and the technology staff that supports the business units.

Virtual Infrastructure Assessment

This service provides the customer with the analysis necessary to protect all facets of a virtualized infrastructure. Included are areas related to access control, the application of least privilege, data protection, secure network configuration, disaster recovery planning and testing, and threat analysis. The goal of the assessment is to identify security gaps and develop remediation strategies.

VPN Audit

The VPN Audit service audits your VPN and your VPN policies and recommends techniques to optimize and enhance your VPN’s effectiveness. We identify potential security vulnerabilities and help you reduce your risks.

Website Security Consulting

Web application security encompasses measures taken throughout the application’s life cycle to prevent exceptions in the security policy of an application or the underlying system vulnerabilities through flaws in the design, development, deployment, upgrade, or maintenance of the application.

Wireless Security

Sword & Shield's Wireless Testing examines the subsystems, components and security mechanisms of a wireless network and identifies any weaknesses.

Security Services

Security Assessments

Compliance & Risk

HIPAA Compliance

PCI Compliance

HITRUST Certification

Experian EI3PA Compliance

NIST/DFARS Compliance

Cyber Insurance

Enterprise Solutions

Products

Products Renewal Program

Security AssessmentsSocial Engineering

Sword & Shield uses Social Engineering exercises to determine your company's overall security awareness, physical security, and risks for leaking information to unauthorized persons.

The Sword & Shield Approach to Social Engineering

Types of Social Engineering Exercises

Questions Our Report Will Answer

Real Success Story

Security Assessments

Datasheet Download

Expose Your Hidden Risks and Vulnerabilities

Featured Additional Security Assessment Services

Database Security

Firewall Audit

Mobile Application Assessment

Phone Sweep

Security Architecture Review

Virtual Infrastructure Assessment

VPN Audit

Website Security Consulting

Wireless Security