discussing the current state of the security industry, Nick
Selby a director at a leading risk management firm
said the following:
do not segregate their attack resources between physical
and logical domains, and you as an organization should
not segregate your defense resources. Counter-social
engineering training and awareness and testing, and
physical penetration tests combined with logical ones
and other means of providing realistic security testing
should be considered by organizations wishing to truly
understand their security posture.
the CORE Group, this is precisely what we believe. Testing
only your data systems and your network might be an
adequate security assessment on paper... and, yes, it will
satisfy any number of regulatory compliance requirements.
However, if you really want to review just how effective your
security is, incorporating some measure of direct, physical
auditing into your process can provide a remarkable
return on investment.
an appointment with The CORE Group is the most basic, straightforward,
and economical method of getting a fresh take on your physical
security posture. Having The CORE Group staff accompany
you on a tour of your facility, pointing out potential problem
areas and asking pertinent questions about specific technologies
in use, often can be conducted with little advance notice
and in brief time windows.
will most likely identify more potential points of intrusion
in one afternoon than you would find with six months of
conventional scans and vulnerability testing. Suggestions
for straightforward fixes to your areas of weakness will
often entail simple changes costing a mere fraction of your
existing security budget.
those seeking a more real-world audit of their security,
the CORE Group does offer full-scale red team style testing.
Blended attacks encompassing surreptitious penetration and
security bypass coupled with social engineering and information
procurement can yield remarkable results.
your company is truly committed to this level of self-assessment,
we are open to speaking directly with management about the
procedures and execution of such an exercise. By having
us probe your defenses with your staff unaware, you not
only can see how strongly your physical security withstands
intrusion, but also how your personnel training and company
procedures are being implemented.
Be Aware - The CORE Group will not engage in actions
that will endanger human life or safety, or which are
deemed illegal by local, state, or federal laws. The
CORE Group requires a signed letter of permission that
is carried on the auditors person at all times
CORE Group is comfortable working with companies of all sizes,
and will perform jobs either directly with clients or as part
of another enterprise's larger assessment package. Feel free
to contact us with any questions that you may have concerning
how our services can integrate with your larger security plans.