search

For Dummies 978-0-470-55093-9 Fiche technique Page 4

  • Télécharger
  • Ajouter à mon manuel
  • Imprimer
  • Page
    / 16
  • Table des matières
  • MARQUE LIVRES
    • Noté. / 5. Basé sur avis des utilisateurs
Vue de la page 3
12
Part I: Building the Foundation for Ethical Hacking
If you perform ethical hacking tests for clients or simply want to add another
certification to your credentials, you might want to consider becoming a
Certified Ethical Hacker (C|EH), through a certification program sponsored by
EC-Council. See www.eccouncil.org/CEH.htm for more information.
Ethical hacking versus auditing
Many people confuse ethical hacking with security auditing but there are
big differences. Security auditing involves comparing a company’s security
policies to what’s actually taking place. The intent of security auditing is to
validate that security controls exist — typically using a risk-based approach.
Auditing often involves reviewing business processes and might not be very
technical. I often refer to security audits as “security checklists” because
they’re usually based off (you guessed it) checklists.
Conversely, ethical hacking focuses on vulnerabilities that can be exploited.
It validates that security controls do not exist. Ethical hacking can be both
highly technical and nontechnical and, although you do use a formal meth-
odology, it tends to be a bit less structured than formal auditing. If auditing
continues to take place in your organization, you might consider integrating
the ethical hacking techniques I outline into your auditing process.
Policy considerations
If you choose to make ethical hacking an important part of your business’s
risk management program, you really need to have a documented security
testing policy. Such a policy outlines the type of ethical hacking that is done,
which systems (such as servers, Web applications, laptops, and so on) are
tested, and how often the testing is performed. Specific procedures for car-
rying out your security tests could outline the ethical hacking methodology
I cover in this book. You might also consider creating a security standards
document that outlines the specific security testing tools that are used and
specific dates your systems are tested each year. You might list standard
testing dates, such as once per quarter for external systems and biannual
tests for internal systems.
Compliance and regulatory concerns
Your own internal policies might dictate how company management views
security testing, but you also need to consider the state, federal, and global
laws and regulations that affect your business. Many of the federal laws and
regulations, such as the Health Insurance Portability and Accountability Act
Vue de la page 3
1 2 3 4 5 6 7 8 9 ... 15 16

Commentaires sur ces manuels

Pas de commentaire
Produits connexes et manuels pour Livres For Dummies 978-0-470-55093-9
Livres For Dummies 978-0-470-56556-8 Fiche technique   (22 pages)
Livres For Dummies 978-0-470-53483-0 Fiche technique   (18 pages)
Livres For Dummies 978-0-470-40747-9 Fiche technique   (16 pages)
Livres For Dummies 978-0-470-38843-3 Fiche technique   (20 pages)
  • IP Moulding Mier Aavara Ariterm Pleasant River
  • BenQ Non Philips Non Infinity Analyseurs de réseaux Senco Compresseurs d'air Lincoln Fours
  • Parkside PABS 12 A1 Honey-Can-Do HMP-02108 Samsung SM-T230 Brother HL-5030
  • Gibraltar Mailboxes RFL10000 Manuel d'instructions Tripp Lite N201-003-RD Fiche technique Samsung SGH-D800 Manuel de l'utilisateur DeWalt D2002M Manuel d'instructions Mircom TX3 Series Manuel de l'utilisateur