Skip to main content

Case Study - Method

Source: https://www.google.co.uk/url?sa=i&url=https%3A%2F%2Fwww.facebook.com%2Fmethoduk%2F&psig=AOvVaw1TjPOsSrMz-Vs9czJ_mxRc&ust=1685998095949000&source=images&cd=vfe&ved=0CBAQjRxqFwoTCJCq48K-qv8CFQAAAAAdAAAAABAj

Method

The methodology employed in the case study described in the book "Cyber Security: Case Study" reflects a systematic and meticulous approach to ethical hacking. This section outlines the key steps and processes undertaken by the ethical hacking team to assess the organization's cybersecurity measures.

The first step in the methodology involved the selection of a qualified and experienced ethical hacking team. The team's expertise in various aspects of cybersecurity, such as network security, web application security, and social engineering, ensured a comprehensive assessment across different attack vectors. Careful consideration was given to the team's certifications, qualifications, and track record of successful engagements.

Next, the scope of the ethical hacking engagement was defined in close collaboration with the organization. This involved identifying the systems, applications, and infrastructure that would be included in the assessment. Clear objectives and goals were established to guide the ethical hacking team throughout the process.

Once the scope was defined, the team conducted a thorough reconnaissance phase to gather information about the organization's infrastructure and potential entry points for attacks as it was discussed in my previous blog on methodologies. This phase involved passive information-gathering techniques, such as open-source intelligence (OSINT) research and footprinting, to gain a deeper understanding of the organization's digital footprint.

Following the reconnaissance phase, the team proceeded with active scanning and vulnerability assessments. This involved utilizing specialized tools and techniques to identify potential vulnerabilities in the targeted systems and applications. Vulnerability scanning tools were employed to identify known vulnerabilities, while manual testing was conducted to uncover any new or undisclosed vulnerabilities that could be exploited.

In addition to technical assessments, the methodology included social engineering tests to evaluate the organization's resilience against human manipulation and phishing attacks. This simulated real-world scenarios where employees were targeted through email or phone interactions to assess their awareness and adherence to security policies.

Throughout the entire assessment, strict adherence to ethical and legal considerations was paramount. The team ensured that all activities were conducted within the confines of the law and with the organization's consent. Confidentiality and data protection measures were also upheld to safeguard the organization's sensitive information.

REFERENCES

PWC (2019). Cyber Security Case Study. Retrieved from https://www.pwc.co.uk/who-we-are/purpose/schools-toolkit/materials/business-case-study-challenges/case-study-1-student-information-pack.pdf [Accesed on 6th May 2023]

Comments

Popular posts from this blog

ESSAY (MAIN BODY)

Hi, in this blog I would be showing you my essay's main body. The body talks more about AI in endpoint security and its functionalities/application in endpoint security. It also touches on the benefits of AI in endpoint security. 

INTRODUCTION POST

Source: https://dm0qx8t0i9gc9.cloudfront.net/thumbnails/video/H8WuRINimqur8ud/introduction-word-intro-word-intro_bxbepgas_thumbnail-1080_01.png  Hello, in this post I will introduce my degree, Cyber Security BSc (Hons), and the university I am studying at, DMU. I chose DMU because it was the top school among five universities that offer cybersecurity at a bachelor’s level. I also liked the diversity of DMU, which has a high percentage of international students. DMU has been great so far. The computing tutors are helpful and understanding to everyone. My degree consists of three years of study, with four modules each year. The first-year modules are Foundation of Computing and Cyber Security, Endpoint Security, Secure Coding, and Business Infrastructure and Security. The second-year modules are Secure Scripting and Business Applications, Incident Response and Cyber Threat Intelligence, Penetration Testing, and Industrial Cryptography. The third-year modules are Malware and Attacker ...

INITIAL IDEA 1 - ENDPOINT SECURITY

Source: https://www.42gears.com/wp-content/uploads/2021/04/featured.jpg What is Endpoint Security? My initial idea pertains to endpoint security, which is an essential module in my cybersecurity path. Endpoint security is a cybersecurity approach used to defend endpoints such as desktops, laptops, and mobile devices from malicious activities (Crowdstrike, n.d.). According to Crowdstrike, a top endpoint security company, protecting endpoints is crucial in cybersecurity, from small businesses to large corporations. Why Secure Your Endpoints? The Ponemon Institute conducted a study that found 68% of organizations have experienced one or more endpoint attacks that successfully compromised data and/or their IT infrastructure (Expert Insights, 2021). Endpoints provide a large attack surface, and implementing endpoint security solutions can help reduce those attack surfaces. While it's impossible to completely eliminate cyberattacks, reducing the possibilities or chances of an attack occu...