Penetration Testing

The task or effort of Penetration Testing is a valuable tool in the tasks to help protect organizations from cybersecurity breaches and attacks. Penetration, or Pen testing includes the process of simulating or imitating a real attack against a target system – the output of such an activity is a report that can be reviewed by technical and non-technical staff to help determine how to address bugs or configurations that can elude to attacks (Yadav, et al., 2019). During a penetration test the use of automated tools will be utilized to help identify vulnerabilities or software that may have updates or other changes required or determined to be corrected. Penetration testing can be done either manually or automatically via tools that are either paid or possibly open source available, and can be seen as a positive task related to penetrating systems. On the other hand, when cyber threat actors attack systems to either cause damage or steal information – this would be seen as a malicious activity, not associated with protecting a system.

Attack Classified as Cyber Terrorism

When a cyber-attack involves the use of underlying political, religious or social issue movements to create serious and adverse effects to technology systems, can be classified as Cyberterrorism (Veerasamy, 2020). Such terrorist attacks can apply towards governments, either at the municipal, state or federal level and certainly towards for-profit and non-profit businesses – nobody is exempt from such attacks. Cyber Terrorism attacks can involve such malicious activities as Denial of Service (DoS), website defacement, campaigns of misinformation, corruption of data, unauthorized access, or exploitation of systems through viruses, ransomware, or causing system unavailability (Veerasamy, 2020).

On the personal side, one cannot go a week without hearing about cyber-attacks against critical infrastructure areas or sectors pertaining to the safety and security of the citizens of the United States. For example, in the past year we have learned about cyber-attacks against water treatment plants, gas pipeline companies, and food processing plants. These are all industry sectors considered critical to the people of our country, and thus, should these attacks be considered terrorist activities?

References:

Chapple, M., Stewart, J. M. & Gibson, D. (2018). Certified Information Systems Security Professional Official Study Guide, Eighth Edition. Sybex, John Wiley & Sons. Indiana.

Veerasamy, N. (2020). Cyberterrorism – the spectre that is the convergence of the physical and virtual worlds. Emerging Cyber Threats and Congnitive Vulnerabilities. Elsevier Inc. United Kingdom.

Yadav, G., Allakany, A., Kumar, V., Paul, K. & Okamura, K. (2019). Penetration Testing Framework for IoT. 8^th International Congress on Advanced Applied Informatics (IIAI-AAI).

Ask an interesting, thoughtful question pertaining to the above post.
Provide extensive additional information on the above post.
Explain, define, or analyze the above post in detail
Share an applicable personal experience
Provide an outside source (for example, an article) that applies to the above post, along with additional information about the above post or the source.

Answer rating: 100% (QA)

Penetration testing which is also sometimes called pen testing or ethical hacking refers to the security process of evaluating your computer systems applications for vulnerabilities and susceptibility ... View the full answer