
1.) Majestic Bank, located in the United States, doesn’t have an online presence


Question

1.) Majestic Bank, located in the United States, doesn’t have an online presence. It wants to launch a Web site where customers can perform all banking transactions online. The programmers at the IT division of Majestic Bank have developed a Web site for this purpose. The next step is to perform a penetration test on the Web site to detect security loopholes and ensure they’re closed before the site goes live. Based on the role given to you, discuss your responsibilities along with the responsibilities of the other role holders, and prepare a list of responsibilities for each role.

2.) How does penetration testing vary in different environments, such as health care, military, corporate, and higher education?

Explanation / Answer

a) Penetration testing and vulnerability testing are done to check for flaws that can lead to damage to the system.

Specifically, penetration testing is done to check whether unauthorized access or other malicious activities are possible, and it identifies the exploitable flaws that can be a threat to the application. It even measures the severity of the loophole.

The responsibility is to check the following:

1) Authentication

2) Authorization

3) Confidentiality

4) Availability

5) Integrity

6) Resilience

7) Non-Repudiation

As a penetration tester/white hat hacker/ethical hacker, the key responsibilities are:

1) To do detailed planning for the penetration test on the application, network, systems and infrastructure, and perform it on the stipulated date and time.

2) Select, design, create, implement and evaluate appropriate tools for penetration testing, and also review the physical security and social engineering tests wherever applicable.

3) Fix a specific date for testing and keep the latest testing and ethical methods handy.

4) Deploy the testing methodologies, collect data and document the methodologies for future reference.

5) Accumulate the data intelligence from the output of automated penetration tools and also from the earlier test results to identify the vulnerabilities that the tools might not identify.

6) Recheck and review the findings and report the same to the stakeholders.

7) Provide suggestions for any security improvements and enhance the existing methodology if needed.

The other roles involved would be:

1) Senior penetration tester - Responsible for managing and leading a small team of penetration testers; coordinates with the stakeholders and the testers on their findings and holds regular meetings to make sure the work is completed on time.

2) Lead cyber security specialist - Provides security analysis and tech support to analyze, monitor and identify security glitches; reviews and analyzes the log files to report suspected threats; generates the trouble tickets.

3) Security Consultant - Identifies the weaknesses and potential threats to the existing system, performs continuous testing of the existing systems, and prepares the reports for internal and external purposes.

4) Security Architect - Responsible for securing the application's information by determining the security requirements, planning, implementation and testing. He/she is responsible for preparing the security standards, policies and procedures, and for mentoring the team.

b) Penetration testing varies in different environments:

For Health Care: We have crucial information about patients and doctors, as a result of which a slight glitch/modification of data can change the complete diagnosis of the patient.

For Military: In this sector we have the most confidential information about the country's data. The data needs to be protected, and access to handle it needs to be given only to an authorized person.

For Higher Education and Corporate: The client information and data pertaining to the client need to be kept confidential and should be accessed with proper authentication.

To safeguard the data and application from hackers and from data getting leaked, we need to implement penetration testing on the application.