Despite the fact that security breaches are often caused by the actions of full-time or contract staff, many organizations fail to allocate adequate resources to internal security. Ceptera has experience developing customized scenario-based testing of internal network security based on the characteristics of a client's architecture.

Following an initial assessment, Ceptera consultants perform desktop tests designed to determine the effectiveness of user access controls and restrictions. Follow-up activities may include tests to determine whether it is possible to launch attacks on other networks using the client's system as a base. We would also investigate how systems respond to users viewing or downloading inappropriate material on the Internet. Finally, we would  perform internal penetration tests and targeted application tests.