2. Agenda #1 What is Ethical Hacking/Penetration Testing? #2 Issues Relevant to Organizations #3 Tools & Techniques of Penetration Testing #4 Benefits & Limitations of Penetration Testing #5 Impact on the CA Profession #6 Current Issues #7 Recommendations
3. 1. What is Ethical Hacking/Penetration Testing? Objective: improve the security system and close the security gaps before a real hacker penetrates the organization. Preventative measure. Exploit a company’s security weaknesses by using the same or similar techniques as malicious hackers. “White Hat Hackers”; “Red Team”
4. 2. Issues Relevant to Organizations. Internal Risk: malicious employees & employees’ lack of security awareness. External Risk: exploitation by external hackers. Non-Financial Losses: damaged reputation, loss of credibility. Financial Losses: loss of revenue, litigation
5.
6. 2. Penetration Testing Techniques: Web Applications Software; Denial of Service; Wireless Network; Social Engineering; Google Hacking
7. 3. Google Hacking Example. Google search: intitle:"index of" site:edu "server at"
8. 4. Benefits & Limitations of Penetration Testing. Benefits: Strengthen security procedures and processes; Improve efficiency and effectiveness of risk management; Increase degree of transparency. Limitations: Not 100% guaranteed; Changing technology; Restrictions from legislation and contractual obligations; Limited resources over a limited period of time
9. 5. Impact on CA Profession: Provide greater assurance in addition to SysTrust, WebTrust and Section 5900; Conformity with PIPEDA, the Gramm-Leach-Bliley Act and SOX; IS Auditing Standards, CISA, COBIT Framework; Goes beyond the traditional methods used by auditors
10. 6. Current Hacking Issues in 2011: Sony’s PlayStation Video Games – loss of personal data from 77M users; Sony Ericsson’s Canada eShop – loss of data from 2,000 customer accounts; Google’s Gmail Accounts – U.S. Government Officials; CitiBank – loss of 200,000 credit card customers’ data. This calls for a greater need for penetration testing!
11. 7. Recommendations. SIGNIFICANCE: Breach of trust. LIKELIHOOD: “Target of choice”, “Target of opportunity”. PENETRATION TESTING
Welcome to the Ethical Hacking and Penetration Testing slidecast. Today’s presentation will focus on increasing the CA profession’s awareness of ethical hacking and how it can largely impact both the assurance and business community. I am your presenter, Emily Chow, Master of Accounting student at the University of Waterloo.