Premium Essay

Cyber Security

In:

Submitted By Ujjwalagrawalco
Words 11999
Pages 48
2011

Ethical Hacking & Penetration Testing
ACC 626: IT Research Paper

Emily Chow 20241123 July 1, 2011

I. Introduction
Due to the increasing vulnerability to hacking in today’s changing security environment, the protection of an organization’s information security system has become a business imperative . With the access to the Internet by anyone, anywhere and anytime, the Internet’s “ubiquitous presence and global accessibility” can become an organization’s weakness because its security controls can become more easily compromised by internal and external threats. Hence, the purpose of the research paper is to strengthen the awareness of ethical hacking in the Chartered Accountants (CA) profession, also known as penetration testing, by evaluating the effectiveness and efficiency of the information security system.
2 1

II. What is Ethical Hacking/Penetration Testing?
Ethical hacking and penetration testing is a preventative measure which consists of a chain of legitimate tools that identify and exploit a company’s security weaknesses . It uses the same or similar techniques of malicious hackers to attack key vulnerabilities in the company’s security system, which then can be mitigated and closed. In other words, penetration testing can be described as not “tapping the door” , but “breaking through the door” . These tests reveal how easy an organization’s security controls can be penetrated, and to obtain access to its confidential and sensitive information asset by hackers. As a result, ethical hacking is an effective tool that can help assist CA professionals to better understand the organization’s information systems and its strategy, as well as to enhance the level of assurance and IS audits if used properly.
4 5 3

III. Basic Characteristics of Penetration Testing
Different Types of “Hat Hackers”
There are different types of “hat hackers” that should be

Similar Documents

Free Essay

Cyber Security: Cyber Terrorism

...Introduction Cyber security refers to the practices and processes that are used in technologies such as networks, computers, information and programs from damages by unwarranted entities (Ahmad, Yunos & Sahib, 2012). There are different attacks towards technology which may distort information or be used to create tension in an organization. Information stored in computers has some level of privacy and this depends on the level of sensitivity that such information may have towards that organization. Business strategies, political discussions and government documents are some of the documents that require a higher degree of privacy. However, there are individuals who cause deliberate attacks on the information systems of organizations and governments in order to unlawfully access information or distort the meaning of such data. The intention of cyber attacks has led to the classification of these attacks into particular classes. For example, we have cyber bullying and cyber terrorism. Under cyber bullying, the attackers use technology to abuse and intimidate their targets. Cyber bullying has been common through the presence of the social media where an individual will use pseudo-accounts to publish half truths about others with a bid to embarrass them. On the other hand, cyber terrorism involves the use of technology to access vital government sites in order to cause harm and fear in the society through terrorism activities. Brunst (2010) indicates that cyber terrorist activities...

Words: 1810 - Pages: 8

Premium Essay

Cyber Security

...INTRODUCTION: This research report conducts analysis on security. Technology these days is going up very fast and technology has been changed the route business administered by giving online services to their customers, to secure data in to “cloud” and allowing them to get their data from smart phones and tablets. This process of securing data has given many benefits to small and large business alike. But where the benefits are there will be some risk present. Risk will be like lost of data or to protect data by any attack of security. According to a survey which took place in 2012 about security, the graph of crimes and security attacks is gradually going up every year. As we talk about security it’s a very huge field to do research on it. Security has many different units in a field. One can’t do a research on this topic. The topic I am going to discuss in my research is cyber security. Cyber security these days is important everywhere. Where ever the data is, we need cyber security to protect and maintain our data according to our requirements Cyber crime is far reaching, general and continually joined with different parts of the criminal natural gathering. It runs from the thievery of a specific's character to the complete interruption of a nation's Internet compromise in light of a huge trap against its masterminding and taking care of assets. The definite focus of cybercrime divisions is on information-the information which is stored electronically for resulting and...

Words: 1426 - Pages: 6

Premium Essay

Cyber Security

...Cyber security is a critical and growing issue in the world today. President Obama said this issue is, "one of the most serious economic and national security threats our nation faces" (Cybersecurity). The United States is one of the most computer dependent societies and has the most computer dependent military and intelligence agencies. With more and, more of our country being ran by technology we are at a bigger risk of attack. A cyber attack could be the most devastating attack our country has ever faced. An attack on America’s cyber infrastructure could cripple the country and put us at an even greater risk of a normal attack. FBI Director said “Counterterrorism — stopping terrorist attacks — with the FBI is the present number one priority. But down the road, the cyber threat, which cuts across all FBI programs, will be the number one threat to the country” (Paganini). The message is clear the cyber security threat we are facing today is a dangerous and growing threat that has serious offensive potential and is often difficult to detect or prevent. An attack on a nation’s critical infrastructure can be devastating and when you add the fact that cyber attacks often do not make themselves know until it is to late could make for a devastating first strike prior to an invasion. Cyber security is defined as measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack. The term “cyber security threat” means...

Words: 2041 - Pages: 9

Premium Essay

Cyber Security

...CYBER SECURITY NAME ISNTITUTION Cyber security plays an important part in managing information for various functions. In hospitals for example where doctors need to share information about several patients and all other important information about emergency and non-emergency access of this information. The security and privacy of a patient is one of the key points in the doctors’ profession. There are several ways in which patient’s information can be secured online through the internet and the intranet as used by various health facilities. This information regarding health care, patient, and administrator records need to be secure for a credible healthcare system (Shoemaker & Conklin, 2012). While designing any system it is necessary to determine the security risk that is generated while developing any platform that is used. In understanding the security risks estimation, one has to carefully analyze the intensity of the risk and classify them accordingly. One of the ways in which you can classify the risks is to look at the impact in which the risk may put to the information. This can be low impact and high impact. Low impact risk will be given lowest priority while responding to risk while that with the high impact will be given the highest priority. One of the ways used in analyzing the risks is by using the protection poker for software risk assessment. This analyzes the ease of attack. Ease of attack looks at the vulnerability of the site and program...

Words: 596 - Pages: 3

Premium Essay

Cyber Security

...CYBER SECURITY INTRODUCTION It is also known as “Computer Security or IT security”. It is applied to the security of computer, computer network and the data stored and transmitted over them. Today the computer system are used in wide variety of “smart devices, including Smartphone’s,  televisions and tiny devices as part of the Internet of Things, and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other networks. Computer security covers all the processes and mechanisms by which digital equipment, information and services are protected from unintended or unauthorized access, change or destruction and the process of applying security measures to ensure confidentiality, integrity, and availability of data both in transit and at rest. There are the various elements of the cyber security which are as: 1. Application Security 2. Information Security 3. Network Security 4. Mobile Security 5. Internet Security 6. Cyberwarfare One of the most problematic elements of cybersecurity is the quickly and constantly evolving nature of security risks. The traditional approach has been to focus most resources on the most crucial system components and protect against the biggest known threats, which necessitated leaving some less important system components undefended and some less dangerous risks not protected. "The threat is advancing quicker than we can keep up with it. The threat changes faster than our idea of the risk. It's no longer...

Words: 3559 - Pages: 15

Free Essay

Cyber Security

...Escalating cyber-attacks on the general public and distinct divisions such as the immediate neighborhood, nationwide, and worldwide level have stimulated an increase in financing and support for the examination of increased cyber security enhancements. The purpose of this paper is to discuss the new technologies for boosting cyber security in a local level, national level and in the Global level. The paper focuses on pointing out the mandate of the government to fight cyber insecurity. New technologies need to dynamically assess networks in real-time such as with the use of Remote Agents for real time reports. These technologies also need to make the probability of attack less predictable and constantly evolving such as through the use of moving target defense. Introduction Cybercriminals still create new routes in which to exploit and victimize people and In as much as country state programmers trade off with firms, government organizations, and non-administrative associations to make undercover work systems secure, information is still being stolen. As the social world gets to a new paradigm where use of sophisticated devices and gadgets and technology go mainstream, we end up putting our privacy into the brink of attack. This is because the cyber criminals too are advancing in their technology to exploit victims in the new paradigm. For instance, a large number of staff today now carry versatile gadget that are able to detect their location using the Global...

Words: 590 - Pages: 3

Premium Essay

Cyber Security

...UNIVERSITY | Cyber Security | | Patrice Brockington | 4/20/2013 | | Cyber Security The security of online files, applications, documents, consumer information, and organization information are just some of the valued items that need to be secure from cyber threats. Companies and organization that utilize the internet to conduct business know all too well the importance of securing the information and any and all information of those that they do business with. Having some general knowledge of what cyber security is and the importance of it is our purpose in this brief. Cyber security is the “measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack”, as defined by Merriam-Webster.com (Online, 2013). In general practice cyber security is simply securing online information and service systems. If you ever entered your name, address or any personal information online or into some database to win a prize this information is online or somehow accessible via the Internet. It is this type of information that so many millions of people are concerned about if it is secure or not, since it is out on the Internet. “The nation’s critical infrastructure relies heavily on the Internet for everything from submitting taxes, to applying for student loans, to following traffic signals, to even powering our homes” (Government, 2013). This is why cyber security is one of this country’s most important national security priorities...

Words: 645 - Pages: 3

Premium Essay

Cyber Security

...In this age where the use of computers and networks related to them has become commonplace, there has developed problems concerning cyber security. Cyber security is an important factor to be considered if one is to be able to protect oneself from malicious people and software from the internet. Most of the threats to computer networks come from the internet and these are often intentional, having been developed by people with malicious intent. Cyber security is, therefore, an attempt by individuals to protect their personal information and other digital assets from attacks from the internet. Cyber security involves various steps the most important of these being an individual’s understanding of the different forms of attacks that they are likely to encounter. Once one has knowledge of this, then it is his or her responsibility to ensure that they have put in place the best security system they can get their hands on. There exist different types of threats and these can be considered to be of varying levels and risks to an individual’s personal information in their computers. The higher the possibility of an attack, the more advanced the security system that is to be put in place to ensure that the threat is minimized. Cyber security involves dealing with threats that range from malicious codes, which are known as malware and spyware, to computer viruses. Some of these viruses are so serious that they have the ability to erase entire operating systems of computers. These...

Words: 374 - Pages: 2

Premium Essay

Cyber Security

...6 20 Cyber crime:Law Enforcement And E-Government Transnational Issues Individ ual Assignment #1 Leggett,Ronnell 3/3/13 2 Table Of Content Introduction ................................................................. 3-5 Current Government Interventions/ Methods............. 5-7 linpact/Effects .............................................................. 7-8 Private Industry Rcsponsibilit)' ............................... 8-9 Conclusion ........................................................................ 9-10 Reference Page ........................................................... 11 3 Introd uction Over the last several years we have witnessed many changes and transformations occur in tcclmology including advances in phone. television, and compu ter comm unication outlets. Being able to use and ma nipulate technology has now become an essential part of everyday lifo, this is especiall y important with the use of the World Wide Web and the plentiful resources it has to offer. With these new advances of technology we often find an apparent generation gap where more and more Americans arc born into new technology \'1hi lc others arc still trying lo figure it ou t. Most impo11 y. with these tech nological advances. crime has adapted to thi s new age as antl well. Consumers are pu t at new and higher risks when purchasi ng goods (Baker. 2006). Several decades ago the crimes reported by the news w1::re of a physical natu re, often...

Words: 2550 - Pages: 11

Premium Essay

Cyber Security

.... Does the definition of cyber security change when the situation/environment changes? For example, is there a difference between home, government, and private industry? 2. What have you learned in this module that you plan to put into practice? What have you learned that reinforces habits you're already practicing? 1. Cyber security definition does indeed change when the situation/environment changes. In the paper “An evolving threat” of m-trends, it talks about different organizations working to keep their information safe. At home, only the individuals in the household are at risk of getting their personal information exposed and possibly stolen. Government would have information that can affect not just a household but an entire city, state, or even country that terrorist can get a hold of to gain money or power. A private industry would have private secrets or blueprints that can be seen. The security software may differ depending on the information needed to protect. Overall, cyber security is very necessary for all groups to keep their assets protected. 2. I was amazed to learn about the HTTPS and did not think twice when I connected to hot spots or any free wireless if my information would be protected and safe. I know I am not the only person who is distracted with the new technology and forgets to worry about cyber security, but I feel that the best practices has helped me gain better understanding on why it is important to stay current on the latest...

Words: 303 - Pages: 2

Premium Essay

Cyber Security

...System Administrators are the ones responsible for ensuring computers work in the business world. Along with that responsibility, comes the accountability when the operating systems (OS) fail to meet business needs. Maintaining the security of e-commerce and business processes is a major concern for system administrators. Protecting the operating systems is the main component when it comes to shielding all the information systems. The software scripts of the OS are what enable network devices, servers and desktops to communicate as a whole. OS is the glue that keeps all the files, hardware, and software together. The OS role includes managing files, processing controls of computer programs, and serving as GUI between the computer and user. With all the responsibility an OS is bound to have weaknesses. Typically, security vulnerabilities are usually rooted from glitches/bugs in the scripts that run beneath the OS. The most commonly used OS are Unix, Mac OS, and Microsoft Windows. With Windows being the leading OS, security patches have to be downloaded constantly. With out identifying a specific OS, there are advantages and disadvantages that can be implemented to protect the OS. Advantages of Securing OS Mitigating internal security threats is a common practice that should have a plan of action to protect business systems as a whole. Securing the physical hardware; servers, consoles routers etc. is essential. The actual system it self should be physically protected and authorized...

Words: 2482 - Pages: 10

Free Essay

Cyber Security

...United States Cyber Command is most active commands in the military in recent days. It was established in 2009, it became operational in October 31, 2010. Cyber command (CYBERCOM) carries responsibilities to secure all website under military and can be authorized via executive order either defend or proceed to attack the attacker during the cyber-attack. CYBERCOM provides support to us forces to carry out their missions around the world, and provides defense against the cyber-attack. It enables the DOD capabilities in cyberspace, provides assurance for a reliable information network and strengthens DoD capability to defend cyber threats. The command also works closely with interagency and international partners in executing these critical missions For now, the Department of Defense and CYBERCOM can only focus on what they can control—bolstering capabilities and clearing up internal gray areas. The rules of engagement, when they’re finished, will make roles and responses to threats clearer. And CYBERCOM is in line for an $800 million budget boost—up to $4.7 billion—in the 2014 DOD budget released in April. The extra funds are aimed at increasing offensive capabilities, like disabling enemy computer systems during a conflict. “We like to laugh that government doesn’t make decisions very fast and has trouble operating at network speed, but there are reasons for that,” Lynn said. “You are considering the diplomatic impacts, the presidential impacts. What about collateral damage...

Words: 273 - Pages: 2

Premium Essay

Cyber Security

...STUDY GUIDE Cyber Security 1. What is the difference between a threat agent and a threat? Threat: A category of objects, persons, or other entities that presents a danger to an asset. Threats are always present and can be purposeful or undirected. For example, hackers purposefully threaten unprotected information systems, while severe storms incidentally threaten buildings and their contents. Threat agent: The specific instance or a component of a threat. For example, all hackers in the world present a collective threat, while Kevin Mitnick, who was convicted for hacking into phone systems, is a specific threat agent. Likewise, a lightning strike, hailstorm, or tornado is a threat agent that is part of the threat of severe storms. 2. What is the difference between vulnerability and exposure? Vulnerability: A weaknesses or fault in a system or protection mechanism that opens it to attack or damage. Some examples of vulnerabilities are a flaw in a software package, an unprotected system port, and an unlocked door. Some well-known vulnerabilities have been examined, documented, and published; others remain latent (or undiscovered). Exposure: A condition or state of being exposed. In information security, exposure exists when a vulnerability known to an attacker is present. 3. How is infrastructure protection (assuring the security of utility services) related to information security? The organization needs to have clear parameters and set regulation when it...

Words: 894 - Pages: 4

Premium Essay

Cyber Security

...Define Cyber Security. Computer security is also known as cyber security or IT security which refers to techniques for ensuring that data stored in a computer cannot be read or compromised by any individuals without authorization. It is an information security as applied to computers and computer networks. The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction. Computer security also includes protection from unplanned events and natural disasters. Most computer security measures involve data encryption and passwords. Data encryption is the translation of data into a form that is unintelligible without a deciphering mechanism. A password is a secret word or phrase that gives a user access to a particular program or system. The following terms are used in the engineering secure systems are explained below.  Authentication techniques can be used to ensure that communication end-points are who they say they are.  Automated theorem proving and other verification tools can enable critical algorithms and code used in secure systems to be mathematically proven to meet their specifications.  Capability and access control list techniques can be used to ensure privilege separation and mandatory access control. This section discusses their use.  Chain of trust techniques can be used to attempt to ensure that all software loaded has been certified...

Words: 519 - Pages: 3

Free Essay

Cyber Crime and Security

...Solo causing $800,000 in damages (Campbell, 2014). While in the systems, McKinnon deleted vital files from the operating systems, which ultimately shutdown approximately 2,000 computers on the U.S. Army and Navy networks. In 2002, the UK National Hi-Tech Crime Unit (NHTCU) interviewed McKinnon and his computer was seized. During the interview, he acknowledged accessing the systems, but stated he was gathering information about UFOs because the government was hiding pertinent facts. Additionally, McKinnon was indicted by a federal grand jury in the U.S. and potentially faced a maximum sentence of 70 years in confinement; however, he was not extradited because of a controversy involving jurisdiction , extradition laws and penalties for cyber crime. Furthermore, the Director of Public Prosecutions (DPP) refused to conduct a trial in the UK because a bulk of the evidence was located in the US and McKinnon’s actions were against the US and its interests (Arnell & Reid, 2009). In 2008, McKinnon was medically diagnosed with Asperger’s Syndrome, a form of autism, and having clinical depression. After being diagnosed, the political parties within the UK were divided because the main topic of discussion was McKinnon’s human rights versus his criminal behavior (Mackenzie & Watts, 2010). Even though some called McKinnon’s condition a trick and a way for him to avoid extradition, others felt the UK government was being insensitive and should have done more because various reports...

Words: 1063 - Pages: 5