Case Study - Method

Method

The methodology employed in the case study described in the book "Cyber Security: Case Study" reflects a systematic and meticulous approach to ethical hacking. This section outlines the key steps and processes undertaken by the ethical hacking team to assess the organization's cybersecurity measures.

The first step in the methodology involved the selection of a qualified and experienced ethical hacking team. The team's expertise in various aspects of cybersecurity, such as network security, web application security, and social engineering, ensured a comprehensive assessment across different attack vectors. Careful consideration was given to the team's certifications, qualifications, and track record of successful engagements.

Next, the scope of the ethical hacking engagement was defined in close collaboration with the organization. This involved identifying the systems, applications, and infrastructure that would be included in the assessment. Clear objectives and goals were established to guide the ethical hacking team throughout the process.

Once the scope was defined, the team conducted a thorough reconnaissance phase, as discussed in my previous blog on methodologies, to gather information about the organization's infrastructure and potential entry points for attacks. This phase involved passive information-gathering techniques, such as open-source intelligence (OSINT) research and footprinting, to gain a deeper understanding of the organization's digital footprint.

Following the reconnaissance phase, the team proceeded with active scanning and vulnerability assessments. This involved utilizing specialized tools and techniques to identify potential vulnerabilities in the targeted systems and applications. Vulnerability scanning tools were employed to identify known vulnerabilities, while manual testing was conducted to uncover any new or undisclosed vulnerabilities that could be exploited.

In addition to technical assessments, the methodology included social engineering tests to evaluate the organization's resilience against human manipulation and phishing attacks. These tests simulated real-world scenarios in which employees were targeted through email or phone interactions, to assess their awareness of and adherence to security policies.

Throughout the entire assessment, strict adherence to ethical and legal considerations was paramount. The team ensured that all activities were conducted within the confines of the law and with the organization's consent. Confidentiality and data protection measures were also upheld to safeguard the organization's sensitive information.

REFERENCES

PWC (2019). Cyber Security Case Study. Retrieved from https://www.pwc.co.uk/who-we-are/purpose/schools-toolkit/materials/business-case-study-challenges/case-study-1-student-information-pack.pdf [Accessed on 6th May 2023]
