Hi,
We have a pretty thorough bunch of tests for this in the OSSTMM 3 draft.
You can get it at:
http://www.isecom.org/osstmm3.HUMSEC.draft.pdf
as well as recommendations for being prepared to get the most out of the
tests. For example, you may want someone on the inside who can monitor
reactions on various levels. I know when I have done this, we had an
insider who later told us how many calls went to internal support, how many
complaints went to the person who's name we forged on the mail, etc.
Sincerely,
-pete.
webmaster@absolutenetworks.biz wrote:
We all know our weak link but how do you identify just how weak they are? I
think it's time to pen test my user community and have a couple ideas to gather
statistics on just how nonaware they really are. Maybe a simple phishing scam
and bogus email with a fake virus attachment that emails me when it's opened so
I can track how many folks actually opened it. Has anyone ever done this
before? I can't find any information about it on the web.. thoughts and ideas
anybody?
Many thanks
Kurt
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
