Computer System And Computer Essay

Penetration Testing

The use of penetration testing to test the security and safety of a network is a common practice among many firms. It is also often normal not to inform the relevant staff and personnel behind a network about what is about to occur, so that they are truly tested based on what they would normally be doing. However, there are legal and other minefields in such testing, and all of the people involved need to be careful to cross all the t's and dot all the i's before getting too deep into it. While penetration testing needs to be as complete and realistic as possible, there are some precautions and other steps that must be taken.

Best Practices

As one might expect, the most important thing to have when it comes to penetration testing is permission to do so. However, it is important to define what that means in the context of a "surprise" penetration test. Indeed, the standards relating to this are set in many respects by an organization known as the SANS Institute. The group suggests all of the following:

• Make sure to have the auditor doing the penetration testing be represented by legal counsel. This will lead to the...

Obvious times to avoid are month-end processing and other peak times or operating hours
• The audit and the situations it creates should not create more problems than it solves

• There should be a very firm and specific agreement (in writing) on what the auditor is allowed to do, what data they are allowed to maintain, and so forth (Kassner, 2015).

The above is more of a general guideline. As one might expect, there are often state-specific laws that may or may not apply, depending on the situation. In the state of Hawaii, the relevant charges are referred to as computer damage in the first degree and computer fraud in the second degree. Obviously, an auditor would be wise not to commit the acts below while engaging in penetration testing:

Computer damage in the first degree is typified by one or more of the following:

• Knowingly causes the transmission of a program, information, code or command that causes unauthorized damage

•…

Sources used in this document:
References

Iron Geek. (2017). State Hacking/Computer Security Laws. Irongeek.com. Retrieved 8 May 2017, from https://www.irongeek.com/i.php?page=computerlaws/state-hacking-laws

Kassner, M. (2017). Don't let a penetration test land you in legal hot water - TechRepublic. TechRepublic. Retrieved 8 May 2017, from http://www.techrepublic.com/article/dont-let-a-penetration-test-land-you-in-legal-hot-water/