Crazy about ethical hacking
Wednesday, 04 April 2007
Hacking techniques have long been looked down on, and they are still mistrusted, but something is changing: companies and institutions are starting to recognize the value of the ethical applications of hacking. Around the concept of “ethical hacking”, however, there is a lot of confusion, abuse and misinterpretation, especially concerning services provided to companies and public institutes, such as security penetration testing services.
That is why the British government approved a motion that will oblige organizations and individuals providing this kind of service to undergo an accreditation process attesting to their reliability and expertise. The news is reported by the magazine Computeractive.co.uk, and the report focuses on the fact that a new accreditation scheme will be designed by the Council of Registered Ethical Security Testers (Crest), a non-profit organization that is working to introduce its own certification method. The certification, which is specifically designed to give firms greater confidence when they turn to penetration testing companies, will attest that penetration testers meet minimum standards of ethics, methodology and technical capability.
In the UK, a certification for penetration testers already exists: the IT Health Check Service, known as the CHECK scheme, administered by the CESG (the Communications-Electronics Security Group). CHECK mainly applies to the government sector; indeed, it is mandatory for all government institutes and for many commercial blue-chip organizations. Crest’s spokesmen claim that their assessments will be as rigorous as CHECK, and go on to say that many “individuals creating the original assessments were also involved in setting up CHECK”. ‘Each candidate will not only have to run the correct tools to test security, but explain why they are running certain tools and what those tools are doing to demonstrate a rounded knowledge of the issues,’ they said.
This attention to ethical hacking certifications points to a two-sided need: on the one hand, companies and institutions need more advanced and comprehensive forms of IT protection. On the other, these forms of protection must be provided by highly skilled professionals who should plumb the depths of a company’s security system, discovering its leaks and vulnerabilities.
This means that the “tester” has to be trusted, in order to avoid risks for the company itself. Zone-H has always highlighted the importance of education about “ethical hacking” matters, and we will never stop saying that the war against cyber crime must be fought with cyber criminals’ weapons. In any case, no certification will act as a guarantee against cyber criminals, and considering the high demand for “ethical hacking experts”, we bet that some prankster is already working on a method to take advantage of that.












