“Who Was That Masked Man?”: System Penetrations—Friend or Foe?

Abstract

This chapter explores a range of hacking techniques that can be used for either malicious or good purposes. It focuses on the role of the penetration tester, also known as a white hat hacker, or an ethical hacker. The discussion highlights the need to employ ethical hackers to expose system vulnerabilities so that they can be addressed before they are exploited by criminals or other threat actors. Because the techniques and methods used by ethical hackers are largely the same as those used by malicious hackers, there are some risks that need to be considered. Moreover, that there is a need for improving the standard of professionalism amongst ethical hackers, through certification, education and validation. Professionals in this area of IT assist organizations to mitigate cyber threats, not only by testing systems, but also in reviewing policies, procedures and controls. Ethical hackers are thus, an integral component of a mature security program.