Files
Anthropic-Cybersecurity-Skills/skills/conducting-social-engineering-pretext-call/assets/template.md
T

1.9 KiB

Vishing Assessment Report Template

Engagement Details

Field Value
Campaign ID VISH-YYYY-XXX
Client [Organization]
Period YYYY-MM-DD to YYYY-MM-DD
Total Targets XX employees
Pretext(s) Used [List of pretexts]
Assessor [Name]

Executive Summary

[Organization] engaged [Company] to conduct a vishing assessment targeting XX employees across XX departments. The assessment measured employee susceptibility to social engineering pretext calls, specifically testing credential disclosure, verification procedures, and incident reporting behaviors.

Results Summary

Metric Result Benchmark Status
Credential Disclosure Rate XX% <10% Pass/Fail
Sensitive Info Disclosure Rate XX% <20% Pass/Fail
Caller Verification Rate XX% >80% Pass/Fail
Security Reporting Rate XX% >50% Pass/Fail

Call Log

# Target Dept Pretext Cred Disclosed Verified Reported
1 [Name] [Dept] [Pretext] Yes/No Yes/No Yes/No
2 [Name] [Dept] [Pretext] Yes/No Yes/No Yes/No

Department Risk Scores

Department Targets Disclosure Rate Risk Level
Finance XX XX% Critical/High/Medium/Low
HR XX XX% Critical/High/Medium/Low
IT XX XX% Critical/High/Medium/Low

Recommendations

Immediate (0-30 days)

  1. Implement mandatory callback verification for credential requests
  2. Issue security bulletin about vishing threats

Short-Term (30-90 days)

  1. Deploy role-based security awareness training
  2. Establish easy suspicious-call reporting mechanism
  3. Conduct targeted training for high-risk departments

Long-Term (90+ days)

  1. Implement quarterly vishing simulations
  2. Integrate vishing metrics into security KPIs
  3. Develop department-specific verification procedures