Security, especially in the computer system setting, can be a complex thing to describe. When it comes to security testing, the challenge is to describe security in terms broad enough to be valid for every security system, yet narrow enough to strictly describe security. In the classic sense, it means freedom from danger or risk. In a computer setting, it describes the situation where the system is protected against unauthorized access to information or deliberate destruction and alteration. Security refers to the ability of a system to maintain the confidentiality of the information it is provided with.
Computer security is often associated with three aspects, defined by the popular acronym CIA; perhaps appropriate considering the security levels the American CIA is associated with. The C stands for confidentiality, which is to make sure there is no unauthorized access. The next is I for integrity, which is to make sure the people tasked with handling the information do not alter it. The A stands for authenticity, which is to ensure that the people using the system are truly who they claim to be. Ethical hacking makes sure that the security protocol addresses all three aspects.
These three aspects and ideas are not the only security factors in a computer system. Here are some of the additional aspects one can consider. Access control testing is used to ensure that users access only the parts of the system that they are entitled or allowed to access. It also involves making sure qualified users have access to those areas they expect to access.
Non-repudiation is the security aspect meant to deal with messages received from unknown senders. It makes sure that the senders of messages cannot deny that they sent the messages in the first place. Another security aspect deals with availability. In this case, the professionals ensure that the system is available, operational and functional. Without availability, the situation is referred to as denial of service. Privacy is another additional security aspect, which ensures that users of the system are in control of their personal information, what they can share, and its use, maintenance and purpose.
Different ways of viewing system security also determine how tests such as penetration testing are done. There are five distinct points of view when viewing system security functionally. One functional view involves risk reduction. A security testing expert must ask themselves whether their company is involved in potentially risky activities, and find ways to reduce the risk. Another functional approach is deterrence, which reduces the likelihood of security breaches through the fear of being caught.
Prevention is the cornerstone of the functional approach. This involves putting in place safeguards like antivirus and firewalls. In addition to prevention, these tools and safeguards also help in detection. The two systems work together such that when prevention fails, detection sets in. The detection should be convenient and should happen before the system is too far gone. If the damage is already done, there must be ways through which potentially damaged or lost data can be recovered.