It simulates an event where an individual with authorized access to internal infrastructure, tries to access data and systems out of his authorized scope.
Typically two kind of profiles are evaluated:
- Fraudulent advisor
- Unfaithful employee
- Allows to recognize weaknesses in interior systems and processes
- Provides an assessment of the roles’ segregation level between advisor and employee
- Gives the possibility to evaluate the incident’s monitor-and-response capabilities
- Identifies systems that can be accessed by unauthorized users