Overcoming the insider: reducing employee computer crime through Situational Crime Prevention
Communications of the ACM - The Status of the P versus NP Problem
Testing Production Systems Safely: Common Precautions in Penetration Testing
TAIC-PART '09 Proceedings of the 2009 Testing: Academic and Industrial Conference - Practice and Research Techniques
Training students to steal: a practical assignment in computer security education
Proceedings of the 42nd ACM technical symposium on Computer science education
Effectiveness of Physical, Social and Digital Mechanisms against Laptop Theft in Open Organizations
GREENCOM-CPSCOM '10 Proceedings of the 2010 IEEE/ACM Int'l Conference on Green Computing and Communications & Int'l Conference on Cyber, Physical and Social Computing
Penetration tests on IT systems are sometimes coupled with physical penetration tests and social engineering. In physical penetration tests where social engineering is allowed, the penetration tester interacts directly with the employees. These interactions are usually based on deception and, if not done properly, can upset the employees, violate their privacy, or damage their trust in the organization, and might lead to lawsuits and loss of productivity. We propose two methodologies for performing a physical penetration test where the goal is to gain an asset using social engineering. These methodologies aim to reduce the impact of the penetration test on the employees. The methodologies have been validated by a set of penetration tests performed over a period of two years.