Physical Access Assessment

Many cyberattacks happen remotely, but sometimes it's what's on the inside that counts. A Physical Access Assessment is designed to physically penetrate your environment. Expected results may include:

  • A "trophy" item taken from one of the locations tested
  • Results of attempts to access the network inside the target location
  • Descriptions of flawed physical security processes that led to a compromise
  • Photographic or other evidence that unauthorized access to sensitive areas took place

Methods that DJPaA may use to attempt to penetrate your environment include:

  • Identifying personnel within your organization who may have sensitive information
  • Examining public information found on the Internet, including that of employees, vendors, business partners, or other trusted individuals or companies
  • Impersonating trusted individuals from your organization or other companies
  • Phone, email, text message, message board, or other communications with your employees
  • Reconnaissance of information about the company that may lead to attack escalation
  • Asking an employee to perform tasks that are intended to provide proof-of-concept for a compromise of your environment
  • Physically entering a sensitive area inside your environment DJPaA will make multiple attempts, using different methods, to compromise your environment. The results of these attempts will display the general security posture of your organization.

A Physical Access Assessment is generally performed in a non-putative manner, in order to identify the flaws in your process rather than call attention to the actions of individuals. However, in some cases, it may be appropriate to formally discipline individuals who performed significantly worse than the overall security posture would indicate.

Get a Quote

Testimonials

"His record of corporate successes in a highly competitive cybersecurity environment speaks for itself."
-Carlos Fernandes
Purcellville, Virginia
" In particular, he provided the core capability we needed to execute a recent cybersecurity assessment for the U.S. Department of Energy (DOE)."
-Ranson J. Ricks
Indianapolis, Indiana
"David has impressed me with his ability to maintain a high degree of security knowledge in a field that is constantly changing."
-Timothy M. Opsitnick