MSc CIS7027 Information Security Management

ASSIGNMENT 2012

Critique the employment of ethical hacking as a way of reviewing and strengthening the security of

information systems

Hansa EdirisingheBSc (Hons) University of Portsmouth, UK

MSc IT - Cardiff Metropolitan University, UK

Why did I selected this topic ?

• Hacking is a major security threat in IT

• Organizations find solutions to prevent their system from hackers

• Employment of Ethical Hacker (EH) is becoming popular to prevent attacks

How critical the Hacking is?(According to hackmageddon.com, hacking attacks in the month of October 2012)

Source : http://hackmageddon.com/2012-cyber-attacks-timeline-master-index/

Hackers

White Hat

People who specialized

hacking check the

faults of the system

Grey Hat

Exploit a security to the

attention of the owners

Black Hat

People who break into

networks and harm to the network and

property

White Hat is known as Ethical Hacker

Strengthening the security through EH

• Ensuring the protection of company confidential information (i.e. Finance, Production, Marketing, R & D )

• Protect the system from malware/hacking• Analyze risk assessment and control

vulnerable areas• Ensure that sensitive information of clients

does not go to wrong hands

Barriers to EH

• Heavy dependence of employee, because EH has all the company secret information

• Finding a competent and specialist person

• Frequent employee turnover may cause problems to the organization

“The employment of ethical hacking as a way of reviewing and strengthening the security of information systems”

1. Introduction to EH2. Discussions on,

a) Ensuring the protection of company confidential informationb) Protect the system from malware/hackingc) Risk assessment and control vulnerable areasd) Ensuring sensitive information of clients does not go to wrong handse) Barriers to EH

3. Evaluation & Recommendation 4. Conclusion

Framework of my Report

Thank You