Role of a Security Professional in Securing an Organization


As technology grows at a faster pace, so do the risks that come with it. To beat an attacker, it is necessary to think like one.

Vulnerability scanning and security audits alone cannot ensure that a network is secure, because an attacker thinks creatively and chains together weaknesses that automated checks report only in isolation. Organizations should back a "defence-in-depth" strategy (layered controls, so that no single failure is fatal) with authorized penetration testing of their own networks, so that exploitable vulnerabilities are found and fixed before an attacker finds them.

An ethical hacker must ask these questions at the time of engagement with an organization:
  • What is the organization trying to protect?
  • Against whom or what are they trying to protect it?
  • How much time, effort, and money is the client willing to invest to gain adequate protection?
  • Do the information security measures comply with industry and legal standards?

An ethical hacker's evaluation of the security of a client's information systems aims to provide answers to the following three fundamental questions.

  • What can an attacker see on the target system?
Routine security checks by system administrators often overlook what is exposed to the outside. The ethical hacker has to think about what an attacker would see during the reconnaissance and scanning phases of an attack.

  • What can an intruder do with that information?
The ethical hacker must discern the intent and purpose behind attacks in order to determine appropriate countermeasures. During the gaining-access and maintaining-access phases of an attack, the ethical hacker needs to stay one step ahead of the attacker in order to provide adequate protection.

  • Are the attackers' attempts being noticed on the target systems?
Sometimes attackers will probe a system for days, weeks, or even months. Other times they will gain access but wait before doing anything damaging, taking the time to assess the potential use of the exposed information. During the reconnaissance and covering-tracks phases, the ethical hacker should test whether the organization's monitoring notices this activity and whether the organization is able to stop the attack.

Attackers may cover their traces after an attack by modifying log files, installing backdoors, or deploying Trojans. Ethical hackers must check whether these activities have been recorded and what safeguards have been put in place. This tells them about the current security measures of the system being examined and gives them a basis for evaluating the attacker's skill.
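The paragraph above asks whether log modification would be recorded. One safeguard that makes it detectable is forward-secure logging: each entry is authenticated with an HMAC under a key that is hashed forward and erased after every write, while the starting key is escrowed off the host. An intruder who later gains full access to the host finds only the current key, so earlier entries cannot be re-signed or silently removed. The example below is added here and is not code from the original post; the log lines, the key value and all function names are constructed for illustration. It also demonstrates the known limitation of this scheme: cutting entries off the tail of the log still verifies, so the verifier must separately know how many entries to expect (for example through periodic heartbeat entries or an off-host copy).

```python
import hashlib
import hmac

# Constructed sample log lines for the demonstration (not from any real system).
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z sshd: Accepted password for alice from 10.0.0.5",
    "2024-01-01T10:00:07Z sudo: alice : COMMAND=/bin/bash",
    "2024-01-01T10:00:30Z useradd: new user: name=backup uid=1001",
    "2024-01-01T10:01:00Z sshd: Accepted password for backup from 10.0.0.5",
]

# Hypothetical starting key; in practice generated per host and escrowed off-host.
INITIAL_KEY = b"example-initial-key-kept-off-host"


def next_key(key: bytes) -> bytes:
    """Evolve the key one step. The logger discards the old key after each entry,
    so an attacker who later reads the host's key cannot recompute earlier ones."""
    return hashlib.sha256(b"evolve|" + key).digest()


class ForwardSecureLogger:
    """Appends entries whose tags are HMACs under a key that evolves per entry."""

    def __init__(self, initial_key: bytes):
        self._key = initial_key
        self.entries = []  # list of (line, tag_hex)

    def append(self, line: str) -> None:
        tag = hmac.new(self._key, line.encode(), hashlib.sha256).hexdigest()
        self.entries.append((line, tag))
        self._key = next_key(self._key)  # the key used for this entry is now gone

    def current_key(self) -> bytes:
        """What an attacker with full host access would find at this moment."""
        return self._key


def verify_log(entries, initial_key: bytes):
    """Verifier (holding the escrowed initial key) recomputes each tag in order.
    Returns (ok, first_bad_index, verified_count)."""
    key = initial_key
    for i, (line, tag) in enumerate(entries):
        expected = hmac.new(key, line.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False, i, i
        key = next_key(key)
    return True, None, len(entries)


def build_sample_log():
    logger = ForwardSecureLogger(INITIAL_KEY)
    for line in SAMPLE_LOG:
        logger.append(line)
    return logger


def attacker_deletes_entry(entries, index):
    """Simulate an intruder removing the line that records their backdoor account."""
    return entries[:index] + entries[index + 1:]


def attacker_rewrites_entry(entries, index, new_line, stolen_key):
    """Simulate an intruder who captured the host's *current* key and tries to
    re-sign a modified earlier line with it."""
    forged_tag = hmac.new(stolen_key, new_line.encode(), hashlib.sha256).hexdigest()
    copy = list(entries)
    copy[index] = (new_line, forged_tag)
    return copy


def attacker_truncates(entries, keep):
    """Drop trailing entries; the remaining chain still verifies (the known gap)."""
    return entries[:keep]


if __name__ == "__main__":
    log = build_sample_log()
    print(verify_log(log.entries, INITIAL_KEY))  # (True, None, 4)
    print(verify_log(attacker_deletes_entry(log.entries, 2), INITIAL_KEY))  # (False, 2, 2)
    forged = attacker_rewrites_entry(
        log.entries, 2, "2024-01-01T10:00:30Z cron: housekeeping", log.current_key())
    print(verify_log(forged, INITIAL_KEY))  # (False, 2, 2)
    print(verify_log(attacker_truncates(log.entries, 3), INITIAL_KEY))  # (True, None, 3)
```

The verifier reports the index of the first entry that fails, which is exactly where an assessor should start looking. Because truncation is not caught by the chain alone, an engagement should also confirm that logs are shipped off the host promptly and that the collector alerts when a source goes quiet or its entry count goes backwards.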

The ethical hacker must also remember to convey to the client that it is never possible to guard systems completely, but that they can always be improved. 

We hope this helps. If you have any suggestions or doubts, add a comment and we will reply as soon as possible.
