Monday, January 21, 2008

Deliverables

In the final phase of the evaluation, the ethical hacking report presents the results of the hacking activities, the vulnerabilities found, and the recommendations given to avoid exploitation. The objective should be to put a permanent security solution into effect rather than a temporary patch. If social engineering testing has exposed problems, the report should address them with specific recommendations to raise the awareness of the people concerned. The report must include specific recommendations on how to close the vulnerabilities and keep them closed.
Usually, the ethical hacking report is delivered in hard copy and the soft copy is destroyed for security reasons. If the report is accessed by the wrong people, or by people with the wrong intentions, the consequences can be catastrophic. One common example is the report being used for corporate espionage: a cracker can use the information to break into the system. For a long-term client, however, the ethical hacker might need the information for further investigation. In this case the organization can store it in encrypted form on an offline system with very limited access. Hard copies should be stored in a safe, with all copies numbered.
Certain issues must be considered when delivering the report, such as who will receive it and how the sensitive report will be conveyed. The ethical hacker has an ongoing responsibility to ensure the safety of all information they retain, so in some cases all information is destroyed at the end of the contract.
