User Account

All Pages

Write review on article

Assignment Help Computer Engineering
Reference no: EM131625766

Write review on this article with 2 references in APA format. (jonathan) Penetration testing is a sensitive area for most organizations.

Depending on the size of an organization, this can be something that occurs on a regular basis using automated methods such as a vulnerability scanner, or it can be something that occurs in regular increments such as on an annual basis.

In many organizations, this process is a hybrid of the two. However it is done, statistics show that companies need to regularly be performing such tests, to ensure their security.

According a whitepaper put out by Whitehat Security, 55% of retail websites, 50% of healthcare websites, and 35% of financial websites remain in a state of constant vulnerability throughout the year (Whitehat Security, 2015).

This is not only alarming from a statistical standpoint, but also stands in stark contrast to the biblical principle of wise stewardship. While penetration tests are certainly a necessity for every organization, the decision to perform these types of services in an unsanctioned manner brings many moral and ethical questions along with it.

Beyond that, an unsanctioned penetration test can potentially cause outages to production systems, inadvertently expose sensitive data, and possibly bring about more harm than good, regardless of the individual's motivations and intentions. Additionally, the tester could face potential legal repercussions should they be discovered, and/or cause damage to the institution being tested.

According to the Computer Fraud and Abuse Act of 1986, it is a Federal crime to even exceed authorized access on any computer system (CFAA, 1986). While this Federal statute is terribly dated and increasingly irrelevant to the modern technological landscape, the fact remains that a user could potentially face criminal charges under CFAA. As such, one should exercise extreme caution and discernment when performing any kind of penetration test.

My personal stance on the issue is that a responsible party, such as a CISO, Director or Vice President within an organization, should give verbal authorization at the very least, before a penetration test is to be performed. Many would no doubt take this one step further and request written approval prior to performing a penetration test.

While all of us have differing opinions, the Bible reminds us in Hebrews 13:17 that we are to obey those in authority over us (Hebrews 13:17, NASB).

Doing so may go against our grain and take extra time, but it is always a safe bet to get approval. References Whitehat Security. (2015). Website security statistics report.

Verified Expert

The paper is about taking a prior approval for the penetration testing which is highlighted in the paper. This paper also includes the Bible perspective. This paper has been prepared in Microsoft office document.

Reference no: EM131625766

Questions Cloud

Organizational recommendation for european operations : Organizational recommendation for European operations and plans to ensure capacity is in place to meet projected business demand.
Conduct an internet research on the four eportfolio topics : COIT20252 BPM E-portfolio Assessment. To achieve this, you are to conduct an Internet researchon the four ePortfolio topics
Define portfolio project for a particular position : What sources do you consider most credible when you defend facts and statements to someone who is questioning you about the accuracy of your claims
What is one of the major brand elements : What is one of the major brand elements used by that company or one of its major brands?
Write review on article : Write review on this article with 2 references in APA format. (jonathan) Penetration testing is a sensitive area for most organizations.
Solve the problem related to an auidt manager : Baily Cox, an audit manager, judged that the test of controls of the company's 50,000 purchase transactions should be based on a tolerable rate of deviation.
On firm fixed-price contracts : On firm fixed-price contracts. list and categorize three risks. Was the response plan for those projects adequate to mitigate these risks?
About the negotiation process : What are some cognitive biases, and what can we do to manage them in the negotiation process?
Define how would you publicly define yourself : How would you publicly define yourself, Do you define yourself by your role in life, by your hobbies, by your personality

Reviews

inf1625766

10/23/2017 4:59:14 AM

Thanks for the hard work done by the expert, it's done according to the mention requirements. I am impressed with the expert's approach. It is up to the mark. That is what i was looking for, thank you so much.

Write a Review

Computer Engineering Questions & Answers

  Mathematics in computing

Binary search tree, and postorder and preorder traversal Determine the shortest path in Graph

  Ict governance

ICT is defined as the term of Information and communication technologies, it is diverse set of technical tools and resources used by the government agencies to communicate and produce, circulate, store, and manage all information.

  Implementation of memory management

Assignment covers the following eight topics and explore the implementation of memory management, processes and threads.

  Realize business and organizational data storage

Realize business and organizational data storage and fast access times are much more important than they have ever been. Compare and contrast magnetic tapes, magnetic disks, optical discs

  What is the protocol overhead

What are the advantages of using a compiled language over an interpreted one? Under what circumstances would you select to use an interpreted language?

  Implementation of memory management

Paper describes about memory management. How memory is used in executing programs and its critical support for applications.

  Define open and closed loop control systems

Define open and closed loop cotrol systems.Explain difference between time varying and time invariant control system wth suitable example.

  Prepare a proposal to deploy windows server

Prepare a proposal to deploy Windows Server onto an existing network based on the provided scenario.

  Security policy document project

Analyze security requirements and develop a security policy

  Write a procedure that produces independent stack objects

Write a procedure (make-stack) that produces independent stack objects, using a message-passing style, e.g.

  Define a suitable functional unit

Define a suitable functional unit for a comparative study between two different types of paint.

  Calculate yield to maturity and bond prices

Calculate yield to maturity (YTM) and bond prices

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd