Question

1. The community college you work for would like to get a security test performed, explain the different test types and the advantages and disadvantages of them

.2. The community college now wants to have a security company come in and perform security tests. Explain what they should expect before, during, and after the testing.

Answer 1

Q1 Answer :-

Types of Security Testing :-

1. Vulnerability Scanning .
2. Security Scanning .
3. Penetration testing .
4. Risk Assesment .
5. Security Auditing .
6. Posture Assessment.
7. Ethical hacking

1 - Vulnerability Scanning :-

This is done through automated software to scan a system against known vulnerability signatures.

Advantages :-

• Fast Result.
• Repetable .
• User-friendly.
• Constant Monitoring.

Disadvantages :-

• A vulnerability scanning tool will not find nearly all vulnerabilities .
• Constant updates required.
• False positives.
• Implications of vulnerability unclear .

2 - Security Scanning :-

It involves identifying network and system weaknesses, and later provides solutions for reducing these risks. This scanning can be performed for both Manual and Automated scanning.

Advantages :-

• It Can find the Vulnerability of system and provide solution.

Disadvantages :-

• Not locate all vulnerability .

3 - Penetration testing :-

This kind of testing simulates an attack from a malicious hacker. This testing involves analysis of a particular system to check for potential vulnerabilities to an external hacking attempt.

Advantages :-

• Reveal vulnerabilities
• Show real risks.
• Test your cyber-defence capability.

Disadvantage :-

• Limited resourses .
• Position of attack .
• Creating a skilled team .

4 - Risk Assesment :-

This testing involves analysis of security risks observed in the organization. Risks are classified as Low, Medium and High. This testing recommends controls and measures to reduce the risk.

Advantages :-

• Saving cost and time.
• New opportunities.
• Protecting resources.

Disadvantages :-

• Difficulty in implementing.
• Performance.
• Potential threats.

5 - Security Auditing :-

This is an internal inspection of Applications and Operating systems for security flaws. An audit can also be done via line by line inspection of code .

Advantages :-

• Operational improvements .
• Confidentiality .
• High-quality perfection .

Disadvantages :-

• Extra cost .
• Unsuitable changes .

6 - Posture Assessment :-

This combines Security scanning, Ethical Hacking and Risk Assessments to show an overall security posture of an organization .

7- Ethical hacking :-

It's hacking an Organization Software systems. Unlike malicious hackers, who steal for their own gains, the intent is to expose security flaws in the system.

Advantages :-

• Having a computer system that prevents malicious hackers from gaining access .
• Having adequate preventative measures in place to prevent security breaches .

Disadvantages :-

• The ethical hacker using the knowledge they gain to do malicious hacking activities .
• The possibility that the ethical hacker will send and/or place malicious code, viruses, malware and other destructive and harmful things on a computer system .

Q 2 Answer :-

• Before Testing :- They can expect before Testing , the testing team can perform all testing and make system secure .
• During Testing :- In during testing they can ecpect each test can perform correctly
• After Testing :- After the testing they can expext all the system vulnerability can be minized or patched , make system fully secure .