As a penetration tester, you are hired as a consultant by a small- to mid-sized
Question
As a penetration tester, you are hired as a consultant by a small- to mid-sized business that is interested in calculating its overall security risk today, January 1, 2012. The business specializes in providing private loans to college students. This business uses both an e-Commerce site and point-of-sales devices (credit card swipes) to collect payment. Also, there exist a number of file transfer operations where sensitive and confidential data is transferred to and from several external partnering companies. The typical volume of payment transactions totals is approximately $100 million. You decide that the risk assessments are to take into account the entire network of workstations, VoIP phone sets, servers, routers, switches and other networking gear. During your interview with one of the business
Explanation / Answer
Legal requirements and ethical issues involve the extent of the social engineering techniques involved and vulnerabilities not being exploited. Also, any impact on users due to this testing must be controlled.
Scope of work is also one of the main legal issues. Proper licensing and certification, data ownership, privacy issues, etc. are some of the other legal and ethical issues.
Risks evolve with the scope of work for which testing is performed. One of the main ways to reduce risk is to reduce the scope of work. Other risks include software security risks, denial of service, and system utilization increases resulting in performance loss.
Mitigation of risks can be done by excluding legacy systems from automated testing to ensure security and performing manual testing on the excluded items, performing testing on critical systems during off hours, and setting up monitoring and escalation procedures prior to testing.
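One way to turn the mitigations above (scope reduction, legacy systems routed to manual testing, critical systems only during off hours) into a pre-flight gate that an automated scanner consults before touching a host. This is an added example, not code from the original answer; the rules-of-engagement structure, the hosts, networks and the off-hours window are all constructed assumptions.

```python
"""Pre-flight scope gate for automated testing (added example, constructed values)."""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network


@dataclass
class RulesOfEngagement:
    in_scope: list          # CIDRs agreed with the client in the scope of work (assumed format)
    legacy_manual_only: set  # legacy hosts excluded from automated testing -> manual queue
    critical: set            # critical systems: automated testing only during off hours
    off_hours: tuple = (time(22, 0), time(5, 0))  # assumed window; wraps past midnight

    def in_network(self, host):
        addr = ip_address(host)
        return any(addr in ip_network(net) for net in self.in_scope)

    def is_off_hours(self, when):
        start, end = self.off_hours
        t = when.time()
        if start > end:                      # window crosses midnight
            return t >= start or t < end
        return start <= t < end


def gate(roe, host, when):
    """Return (action, reason) for one target: 'automated', 'manual' or 'skip'."""
    if not roe.in_network(host):
        return "skip", "outside agreed scope of work"
    if host in roe.legacy_manual_only:
        return "manual", "legacy system excluded from automated testing"
    if host in roe.critical and not roe.is_off_hours(when):
        return "skip", "critical system: automated testing only during off hours"
    return "automated", "in scope"


def plan(roe, hosts, when):
    """Partition a target list into automated targets, a manual queue and skipped hosts."""
    out = {"automated": [], "manual": [], "skip": []}
    for host in hosts:
        action, reason = gate(roe, host, when)
        out[action].append((host, reason))
    return out


# Constructed sample rules of engagement, targets and timestamps for the scenario above.
SAMPLE_ROE = RulesOfEngagement(in_scope=["10.10.0.0/16"],
                               legacy_manual_only={"10.10.5.20"},   # e.g. an old POS back end
                               critical={"10.10.1.10"})             # e.g. the payment server
SAMPLE_TARGETS = ["10.10.1.10", "10.10.5.20", "10.10.7.33", "192.168.1.5"]
BUSINESS_HOURS, OFF_HOURS = datetime(2012, 1, 1, 14, 0), datetime(2012, 1, 1, 23, 30)

if __name__ == "__main__":
    for when in (BUSINESS_HOURS, OFF_HOURS):
        print(when, plan(SAMPLE_ROE, SAMPLE_TARGETS, when))
```

Hosts the gate sends to the manual queue are exactly the excluded items the answer says should be tested by hand; the skip reasons give the monitoring and escalation staff a log of why a target was not touched.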