Direction () : Read the given passage carefully and answer the questions that follow.
The need for more effective information security practices is increasingly evident with each security breach reported in the media. When adopting new technologies like cloud computing, virtualization, or IT outsourcing, enterprises are facing imminent security threats and must adjust their security processes, policies, and architectures accordingly. Among the many options available to help
customers to achieve this goal, organizations should consider the value of ethical hacking services, which are rapidly gaining attention as an essential security practice that should be performed on a regular basis. “The elevated threat landscape
therefore, urgently dictates the need for a comprehensive, real-world assessment of an organization’s security posture. This assessment is a first vital step to enact effective security policies, procedures, and infrastructure that will prevent or mitigate the effects of a data breach.” Ethical hacking offers an objective analysis of an organization’s information security
posture for organizations of any level of security expertise. The ethical hacking organization has no knowledge of the company’s systems other than what they can gather. Hackers must scan for weaknesses, test entry points, priorities targets, and develop a strategy that best leverages their resources. The objectiveness of this kind of security assessment has a direct impact on the value of the whole evaluation. However, businesses still remain skeptical about the risk inherent with inviting a third-party to attempt to
access sensitive systems and resources. To reduce this fear, businesses should hire only ethical hacking companies that implement
practices to ensure privacy and confidentiality. They should also be accredited by international trade organizations such as the EC-Council and ISC. Ethical hacking and ethical hacker are terms used to describe hacking performed by a company or individual to help identify potential threats on a computer or network. An ethical hacker attempts to bypass system security and search for any
weak points that could be exploited by malicious hackers. This information is then used by the organization to improve the system
security, in an effort to minimize or eliminate any potential attacks. The term "ethical hacker" has received criticism at times from people who say that there is no such thing as an "ethical" hacker. Hacking is hacking, no matter how you look at it and those who do the hacking are commonly referred to as computer criminals or cyber criminals. However, the work that ethical hackers do for organizations has helped improve system security and can be said to be quite effective and successful. Individuals interested in
becoming an ethical hacker can work towards a certification to become a Certified Ethical Hacker, or CEH. In a search for ways to reduce the fear and worry of being hacked, organizations have come to the realization that an effective way to evaluate security threats is to have independent security exerts attempt to hack into their computer systems. In the case of computer security, these tiger teams or ethical hackers would use the same tools and techniques as an attacker, but rather than damage the system or steal
information, they would evaluate the system security and report the vulnerabilities they found and provide instructions for how to
remedy them. From the early days of computers, ethical hacking has been used as an evaluation of system security. Many early ethical hacks were conducted by the United States Military to carry out security evaluations on their operating systems to determine whether they should employ a two-level (secret/top secret) classification system. However, with the growth of computing and networking in the early 1990's, computer and network vulnerability studies began to appear outside of the military organization.
In December of 1993, two computer security researchers, Dan Farmer from Elemental Security and Wietse Venema from IBM, suggested that the techniques used by hackers can be used to assess the security of an information system. They wrote a
report that was shared publicly on the Internet which described how they were able to gather enough information to compromise security and they provided several examples of how this information could be gathered and exploited to gain control of a system, and how such an attack could be prevented. An ethical hacker should set simple goals, such as finding unauthorized wireless
access points or obtaining information from a wired network system. In any case, the goals should be articulate and well communicated. Written permission is required and should state that an ethical hacker is authorized to perform a test according to the plan. It should also say that the organization will provide legal and organizational support in case criminally charges or lawsuits
arise. This is conditional on staying within the bounds of the approved plan. An ethical hacker is bound to confidentiality and non-disclosure of information they may uncover. Ethical hackers must also be compliant with their organization's governance and local laws. An ethical hack must not be performed when the company policy or the law for that matter, explicitly forbids it. Source: