Physical Security

Physical security reviews assess agreed physical security controls and procedures to determine their effectiveness and to identify gaps and weaknesses. This may include reviewing the access control system for doors, CCTV monitoring, and communications. It may cover procedures for controlling visitor access, deliveries, and contract services such as cleaning. It can extend to searching for covert cameras and listening devices in meeting rooms and offices, and may involve investigations into other areas, including staff vetting procedures.

Social engineering tests are typically combined with physical and internal network infrastructure tests, and involve testing the ‘human element’ of security. Social engineering is the art of obtaining information by deception, with the aim of gaining unauthorised access to information or resources. Successful scenarios we have used in the past include posing as journalists to find out information about an organisation’s infrastructure, posing as internal IT staff testing a new system, using phishing emails to harvest passwords, and obtaining passwords from a helpdesk.