A study on integrating penetration testing into the information security framework for Malaysian higher education institutions

2015 International Symposium on Mathematical Sciences and Computing Research (iSMSC) Pub Date : 2015-05-19 DOI:10.1109/ISMSC.2015.7594045

C. M. Kang, P. S. JosephNg, K. Issa

{"title":"A study on integrating penetration testing into the information security framework for Malaysian higher education institutions","authors":"C. M. Kang, P. S. JosephNg, K. Issa","doi":"10.1109/ISMSC.2015.7594045","DOIUrl":null,"url":null,"abstract":"With the rapid development of information technology, hackers are provided powerful tools and therefore ensuring the security of the information is becoming a complex task. Using hacking tools and techniques also known as penetration testing or ethical hacking can contribute to mitigate the security risks. However, due to the misinformation on penetration testing, some managers refused to adopt this arm to protect their information against hackers. As a result, in Malaysian Higher Education Institutions domain, the number of victims of hackers keeps increasing considerably. The research objectives are to enable a paradigm shift on higher management level on penetration testing as part of the essential IT security components. To demonstrate how penetration testing contributes to improve the security. To provide security managers and top managers a positive vision of pen-testing through a revised security framework based on an existing one. This research will be carried out qualitatively and quantitatively, and its output will be based on numeric analysis, case study, survey and literature reviews.","PeriodicalId":407600,"journal":{"name":"2015 International Symposium on Mathematical Sciences and Computing Research (iSMSC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-05-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 International Symposium on Mathematical Sciences and Computing Research (iSMSC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISMSC.2015.7594045","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 16

Abstract

With the rapid development of information technology, hackers are provided powerful tools and therefore ensuring the security of the information is becoming a complex task. Using hacking tools and techniques also known as penetration testing or ethical hacking can contribute to mitigate the security risks. However, due to the misinformation on penetration testing, some managers refused to adopt this arm to protect their information against hackers. As a result, in Malaysian Higher Education Institutions domain, the number of victims of hackers keeps increasing considerably. The research objectives are to enable a paradigm shift on higher management level on penetration testing as part of the essential IT security components. To demonstrate how penetration testing contributes to improve the security. To provide security managers and top managers a positive vision of pen-testing through a revised security framework based on an existing one. This research will be carried out qualitatively and quantitatively, and its output will be based on numeric analysis, case study, survey and literature reviews.

查看原文本刊更多论文

马来西亚高等教育机构将渗透测试整合到信息安全框架的研究

随着信息技术的飞速发展，黑客被提供了强大的工具，因此确保信息的安全成为一项复杂的任务。使用黑客工具和技术(也称为渗透测试或道德黑客)可以帮助减轻安全风险。然而，由于对渗透测试的错误信息，一些管理人员拒绝采用这一手段来保护他们的信息不受黑客攻击。因此，在马来西亚高等教育机构领域，黑客的受害者人数不断增加。研究目标是使渗透测试作为基本IT安全组件的一部分在更高的管理水平上实现范式转换。演示渗透测试如何有助于提高安全性。通过基于现有安全框架的修订安全框架，为安全管理人员和高级管理人员提供渗透测试的积极愿景。这项研究将定性和定量地进行，其产出将基于数字分析、案例研究、调查和文献综述。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2015 International Symposium on Mathematical Sciences and Computing Research (iSMSC)

自引率

0.00%

发文量