
Case Study - Method


Method

The methodology employed in the case study described in the book "Cyber Security: Case Study" reflects a systematic and meticulous approach to ethical hacking. This section outlines the key steps and processes undertaken by the ethical hacking team to assess the organization's cybersecurity measures.

The first step in the methodology involved the selection of a qualified and experienced ethical hacking team. The team's expertise in various aspects of cybersecurity, such as network security, web application security, and social engineering, ensured a comprehensive assessment across different attack vectors. Careful consideration was given to the team's certifications, qualifications, and track record of successful engagements.

Next, the scope of the ethical hacking engagement was defined in close collaboration with the organization. This involved identifying the systems, applications, and infrastructure that would be included in the assessment. Clear objectives and goals were established to guide the ethical hacking team throughout the process.

Once the scope was defined, the team conducted a thorough reconnaissance phase to gather information about the organization's infrastructure and potential entry points for attacks, as discussed in my previous blog on methodologies. This phase involved passive information-gathering techniques, such as open-source intelligence (OSINT) research and footprinting, to gain a deeper understanding of the organization's digital footprint.

Following the reconnaissance phase, the team proceeded with active scanning and vulnerability assessments. This involved utilizing specialized tools and techniques to identify potential vulnerabilities in the targeted systems and applications. Vulnerability scanning tools were employed to identify known vulnerabilities, while manual testing was conducted to uncover any new or undisclosed vulnerabilities that could be exploited.

In addition to technical assessments, the methodology included social engineering tests to evaluate the organization's resilience against human manipulation and phishing attacks. These tests simulated real-world scenarios in which employees were targeted through email or phone interactions to assess their awareness of, and adherence to, security policies.

Throughout the entire assessment, strict adherence to ethical and legal considerations was paramount. The team ensured that all activities were conducted within the confines of the law and with the organization's consent. Confidentiality and data protection measures were also upheld to safeguard the organization's sensitive information.

REFERENCES

PWC (2019). Cyber Security Case Study. Retrieved from https://www.pwc.co.uk/who-we-are/purpose/schools-toolkit/materials/business-case-study-challenges/case-study-1-student-information-pack.pdf [Accessed on 6th May 2023]
