This sample work program provides general steps organizations should follow when performing a social engineering audit.

Controls tested in this program include: awareness programs are in place requiring employees to maintain confidentiality of credentials and proprietary information; incident management procedures are in place requiring employees to report social engineering attacks immediately; and employees do not divulge sensitive information to unknown individuals.