PENETRATION TESTING AS AN EFFECTIVE TOOL FOR CYBERSECURITY MANAGEMENT

Authors

DOI:

https://doi.org/10.32689/maup.it.2023.3.3

Keywords:

cybersecurity, cybersecurity management, control, alertness, penetration testing

Abstract

In the modern information environment, special attention is paid to cyber security issues. The growing threat of cyber attacks and unauthorized access to the computer systems, networks, data and information of enterprises and organizations confronts them with the task of effective cyber security management. Accordingly, the article examines the theoretical aspects of the development and functioning of a management system aimed at protecting against cyber threats. One of the key concepts is the transformation of this system into cyber security management. The study shows that the classical functions of management – planning, organization, motivation and control – correlate properly with the tasks of cyber security. This allows for an integrated approach to cyber security management, providing effective protection against cyber threats. Paradoxically, the cornerstone of modern cyber defense is the "human factor". It was found that, in addition to technical aspects, the preparedness and awareness of personnel play an important role in ensuring cyber security. Therefore, increasing technical literacy and corporate vigilance become extremely important tasks. In this context, the article suggests the use of a penetration testing procedure known as the Cyber Red Team. According to this concept, an expert team conducts testing using external methods, carrying out attacks on the system, which makes it possible to identify weak points and gaps in cyber defense. Finally, the article provides practical recommendations for conducting pentests aimed at improving the effectiveness of cyber security management at the level of individual enterprises and organizations. These measures will contribute to improving the level of vigilance and alertness of personnel, which is an important step in ensuring a high degree of cyber security.
In conclusion, the article highlights the current aspects of the development of the cyber security management system, focusing on the importance of the "human factor" and proposing innovative approaches to increasing the level of cyber security at enterprises and organizations.

Published

2023-12-28

How to Cite

ГОРБАЧЕНКО, С., & БОЙКО, В. (2023). PENETRATION TESTING AS AN EFFECTIVE TOOL FOR CYBERSECURITY MANAGEMENT. Information Technology and Society, (3 (9)), 23-29. https://doi.org/10.32689/maup.it.2023.3.3