Maintenance is an essential task that is often considered to be dull. In informa

Question

Maintenance is an essential task that is often considered to be dull. In information security, penetration testing may be wrongly perceived as being a “hacker-like” activity. In fact, when done correctly, ethical hacking is an important part of risk management. Penetration analysts work under very restrictive rules of engagement when testing systems. This week's project is research on the many ways that penetration analysts limit the risk they pose to internal systems.

Online RESOURCES:

http://accessdata.com/

https://www2.guidancesoftware.com/resources/Pages/webinars.aspx?topic=Internal+Investigation (May need to register - optional)

http://whitepapers.hackerjournals.com/

http://www.hackerjournals.com/

http://www.eccouncil.org/

https://spaces.internet2.edu/display/2014infosecurityguide/System+Acquisition,+Development,+and+Maintenance

Explanation / Answer

There are several ways penetration analysts limit the risk they pose to internal systems and they are:

- Testing/Development Environments
- Perform tests during off peak times

By performing penetration tests on testing environments, analysts are able to show what a successful attack could do the environment without affecting the live environment. In doing so, situations such as network performance degradation etc, are not seen by the company or its customers.

Another method of limiting the risk is by performing all tests during off peak time, i.e. when the systems are not in use. By doing so, even if the systems have are slow or if its performance is hampered, it will not have a large impact on the business

Related Questions

Navigate

• Browse (All)
• Browse M
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.