Analyzing threats and vulnerabilities
Organizations face various levels of risk and threats, which may be the result of natural events, accidents, or intentional acts to cause harm. Irrespective of the cause of the risk, organizations have an obligation to lessen or mitigate these risks to the best of their ability and to ensure they do not happen again. A threat assessment is just the beginning of a risk management program. A threat assessment considers the complete range of the risk (i.e., natural, criminal, terrorist, accidental, etc.) for a given facility/location (Renfroe, Nancy R and Smith, Joseph L, 2016). Some tools and techniques for identifying and analyzing threats and vulnerabilities are as follows:
Vulnerability scanner – Pinpoints vulnerabilities within a system and identifies, defines and classifies the risks to the network, communication infrastructure or server. This analysis can predict the effectiveness of planned countermeasures and measure how well they work after they are put into use (Rouse, 2016).
Honeypots – A honeypot is a system set up as a decoy to attract would-be attackers and to identify, repel or study attempts to gain unauthorized access to information systems (Rouse, 2016).
Port scanner – A port scan is a series of messages sent by someone attempting to break into a system in order to learn which network services the computer provides. Port scanning is a preferred method of computer hackers as it gives them insight as to where to probe for weaknesses. Basically, a port scan consists of sending a message to each port, one at a time. The type of response received indicates whether the port can be probed for weakness (Rouse, 2016).
Ethical hacking – This is hacking carried out by a person hired by an organization to assist in detecting possible risks on a network or system. An ethical hacker tries to circumvent the security of a system and looks for vulnerabilities that could be misused by malicious attackers, also known as black hats (APPROACHES, TOOLS AND TECHNIQUES FOR SECURITY TESTING, n.d.).
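From the defender's side, the port scan described above (a message to each port, one at a time, with the reply showing which ports respond) leaves a recognizable pattern in connection logs. The following is an added example, not part of the original essay or its sources; the log format, reply labels, addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic): time, source, target, port, reply.
# Reply labels are assumed: SYN-ACK = port answered, RST = closed, NONE = no reply.
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 10.0.0.5 21 RST
2024-05-01T10:00:01 198.51.100.7 10.0.0.5 22 SYN-ACK
2024-05-01T10:00:02 198.51.100.7 10.0.0.5 23 RST
2024-05-01T10:00:03 198.51.100.7 10.0.0.5 25 NONE
2024-05-01T10:00:04 198.51.100.7 10.0.0.5 80 SYN-ACK
2024-05-01T10:00:05 198.51.100.7 10.0.0.5 443 SYN-ACK
2024-05-01T10:00:02 203.0.113.20 10.0.0.5 443 SYN-ACK
2024-05-01T10:03:10 203.0.113.20 10.0.0.5 443 SYN-ACK
2024-05-01T10:05:00 203.0.113.20 10.0.0.5 80 SYN-ACK
"""

def parse(log):
    """Turn log text into sorted (time, src, dst, port, reply) tuples."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, src, dst, port, reply = parts
        events.append((datetime.fromisoformat(ts), src, dst, int(port), reply))
    return sorted(events)

def detect_port_scans(events, min_ports=5, window=timedelta(seconds=60)):
    """Flag sources that touch min_ports distinct ports on one host within window."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, reply in events:
        by_pair[(src, dst)].append((ts, port, reply))
    findings = []
    for (src, dst), hits in by_pair.items():
        best, start = {}, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            seen = {port: reply for _, port, reply in hits[start:end + 1]}
            if len(seen) > len(best):
                best = seen
        if len(best) >= min_ports:
            answered = sorted(p for p, r in best.items() if r == "SYN-ACK")
            findings.append({"source": src, "target": dst,
                             "ports_probed": sorted(best), "ports_answered": answered})
    return findings
```

The `ports_answered` list is what the scanning source learned about the host, so it doubles as the list of exposed services to review first.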
Rewards for discovering vulnerabilities
Offering rewards for discovering vulnerabilities has become the new trend within large technology companies. Mozilla, Google, Facebook, and PayPal are just a few that have established programs that offer rewards to users. Usually, it is computer experts who find vulnerabilities or holes in their software programs. Offering these kinds of rewards can save an organization the embarrassment of suffering a breach. The amount of money each individual receives depends on the severity of the issue reported to the organization. The benefit of offering these rewards is that the organization can develop patches to fix the problem. Staying in front of these issues allows the organization to avoid grave financial costs in the future (The bounty programs of Google, Facebook, Microsoft… Which tech giant offers the juiciest rewards to hackers?, 2014).
The biggest issue with offering rewards for discovering vulnerabilities is that it can be taken as a go-ahead to attack the system. Knowing that rewards are given for discovering vulnerabilities could also lead to organizations being exploited for money. It can also become a problem if novice hackers try to use vulnerability scanners to infiltrate systems and use these tools in the wrong way, which can cause more harm than help. Organizations should also recognize that vulnerability rewards involve quite a hefty monetary investment and a group to handle all the issues. Instead of offering monetary rewards to these hackers, which can become hazardous, a job offer with the company may prove to be the better safeguard (APPROACHES, TOOLS AND TECHNIQUES FOR SECURITY TESTING, n.d.). Ethical hackers have progressively gained mainstream recognition. Facebook and Google have spent vast amounts of money over the past few years paying hackers “bug bounties” to identify new vulnerabilities, also known as zero-day vulnerabilities, in particular products. After being opposed to paying bounties, even Microsoft started paying out such bounties earlier this year (Acohido, 2013).
Exploit vulnerabilities in your systems
Challenging individuals to exploit vulnerabilities within a system can become an issue because an individual’s intentions can be malicious. If vulnerabilities in that system become known, they can be bought and sold to the highest bidder. Moreover, the timeliness of the discovery could also be an issue, and you could be rewarding an individual for an issue that has already been mitigated. Typically, an organization may take on average up to 103 days to find a security risk. Against a background of zero-day risks and the agility and speed at which developers work, the window of opportunity is open and ready for attackers (Sidagino, 2015). Offering a job may be a better way to reward would-be hackers.
The most dangerous precedent to set is for schools to teach the art of hacking and offer young people, who may not yet have developed their own capacity for ethical thinking, the tools and the familiarity to access protected systems. With this information, stumbling into black hat situations could lead them into legal trouble. For instance, in April 2014, a Western University student was caught after hacking into the Canada Revenue Agency (the Canadian equivalent of the U.S. Internal Revenue Service). His lawyer argued that his ethical reasoning was influenced by a previously established moral value and that he was a very bright student. At 14, the student had hacked into his school board’s computer systems and had not been punished for it, sending him the message that it was “OK to hack”. Most hackers do not start off with malicious intent or with the aim of gaining information to sell for profit. After interviewing six black hat hackers, Xu, Hu, and Zhang (2013) discovered that the pursuit of hacking often starts off with innocent motives, such as simply wanting to know more about computers, or being able to modify school computers to allow playing games even though it was against school policy (Radziwill, Romano, Shorter, & Benton, n.d.). Despite its intent, ethical hacking still has disturbing implications.
Formation of ethical hackers
Ethical hacking is a great approach and aids in the security of computer systems, applications, and networks. Gauging your organization’s vulnerabilities is just the beginning of the process of avoiding expensive data damage that could compromise both information and your organization’s name, and ethical hackers could assist with this issue (Boatman, 2018). This process can be beneficial and can help an organization as long as one’s morals and values stay pure. If the real-world skills related to hacking or cybersecurity are not taught in schools, all hackers will be self-taught in their methods and will be less likely to give the same attention and interest to integrity and moral reasoning in the setting of cybersecurity. If ethical hacking becomes a part of academic curricula, at least the colleges and universities that include the material will have the ability to teach ethical hacking, promoting conscious ethical practices and lowering the likelihood that students will use their knowledge maliciously (Radziwill, Romano, Shorter, & Benton, n.d.).