Determine if they are safe, based on levels of awareness, gaps and exposure of security devices, and whether they allow systems to be protected against phishing attacks and social engineering.