Social Engineering Audit Work Program

A Framework for Assessing Social Engineering Vulnerabilities

Our Social Engineering Audit Work Program is designed to help organizations proactively assess and strengthen their defenses against a range of social engineering threats. This tool guides users through every stage of the audit process, from initial planning and target selection to project execution and final reporting. It covers telephonic, electronic and physical social engineering scenarios, providing a structured methodology for evaluating employee awareness, testing incident management procedures, and identifying potential vulnerabilities in both digital and physical environments. It also emphasizes real-world testing techniques, such as phishing simulations and physical access attempts, ensuring that organizations gain practical insights into their risk exposure.

What sets this audit work program apart is its focus on actionable outcomes and continuous improvement. By following its detailed steps, organizations can measure the effectiveness of their security awareness programs, validate incident response protocols, and document observations for future enhancements. This tool facilitates meaningful engagement between auditors and stakeholders through scheduled meetings and clear reporting processes.  

Audit work steps include:

  • Establish a method for selecting targets for social engineering.
  • Schedule kickoff meetings to discuss the methodology and timeline.
  • Obtain current standards, policies and procedures regarding employee security awareness.
  • Track results of responses and website usage.