Despite the fact that security breaches are often caused by the actions (accidental or malicious) of full-time or contract staff, many organisations still fail to allocate adequate resources to internal security. Context has years of experience in developing bespoke scenario-based testing of internal security, based on the individual characteristics of a client's systems.

Following an initial assessment we carry out a series of desktop tests, designed to determine the effectiveness of the restrictions placed on users. Where limited access has been provided to a user, we will seek to find ways to increase privileges, potentially enabling the accessing of unauthorised material or segments of the network. This may also include tests to determine whether or not it is possible to launch attacks on other networks using the client's system as a base. We would also investigate how the system responds to users viewing inappropriate material on internet websites or downloading executables such as hacker software tools. We would also check to see whether or not it is possible to download a test virus signature. Finally, we would usually carry out internal penetration testing and targeted application tests.