Cyber Security and Ethical Hacking: The Importance of Protecting User Data

Article in Solid State Technology · December 2020



Solid State Technology
Volume: 63 Issue: 5
Publication Year: 2020

Cyber Security and Ethical Hacking: The Importance of Protecting User Data
Ahmad Mtair AL Hawamleh
Institute of Public Administration (IPA)
Riyadh, Saudi Arabia
e-mail: alhawamleha@ipa.edu.sa

Alorfi, Almuhannad Sulaiman M


King Abdulaziz University
Jeddah, Saudi Arabia
e-mail: alorfi.almuhannad.s@gmail.com

Jassim Ahmad Al-Gasawneh


Applied Science Private University (ASU)
Amman, Jordan
e-mail: J_algasawneh@asu.edu.jo

Ghada Al-Rawashdeh
University Malaysia Terengganu (UMT)
Terengganu, Malaysia
e-mail: Ghada_rwashdeh@yahoo.com

Abstract—Cyber risk is a danger or threat associated with the use of interconnected
technological systems. This risk occurs when one or more of the three attributes of information,
namely confidentiality, integrity and availability, is impacted. Essentially, cyber risk is an
operational risk happening in cyberspace. However, cybersecurity mechanisms are costly to
implement, and resources for such implementation can be scarce for some companies.
As a result, many organizations have opted not to implement cybersecurity policies and
procedures for the prevention of cyber threats. Such a decision increases the cyber risk level. In
other words, the company can incur financial losses should the sensitive information
of its business users be impacted. The present study examines the importance of
cybersecurity and the use of ethical hacking techniques for user data protection through the
characterization of globally established standards and techniques that organizations can apply to
prevent likely cyber threats while assuring user data protection.

Keywords— Cybersecurity; Ethical Hacking; Cyber Risk; Data Protection.

Archives Available @ www.solidstatetechnology.us


I. INTRODUCTION

At the present time, various services are offered via the Internet, and in cyberspace companies
can connect with others in various locations globally [1]. In 2019, [2] highlighted that
Internet connectivity speeds up economic growth while generating opportunities for
business and commerce. Nonetheless, there are risks associated with the use of information
technologies in a company's business models. Among these is cybernetic risk, which can
damage the operation of an organization, specifically by harming one or more of the three
information attributes, and in turn the organization's technological systems [3], [4].
As reported in [5], [6], many organizations have tended to rely on
measures including weak usernames and passwords, data encryption, firewalls with default settings,
and virus protection, but there were generally no sophisticated measures for dealing with cyber
threats and for decreasing cyber risk. In 2018, [7] indicated that failure to use basic security
measures in safeguarding company data can make organizations vulnerable to cyber-attacks.
Cybersecurity refers to the assortment of tools, best practices, guidelines, policies, security concepts,
security safeguards, approaches to risk management, training actions, assurance and technologies
usable in protecting the cyber environment, the organization and the assets of users [8], [9]. The
connected organization and user assets include computing devices, infrastructure, applications,
services, personnel, telecommunications systems, and all the communicated and/or stored
information within the cyber environment.
Cybersecurity assures that the security properties of the organization and of user
assets are attained and maintained against security risks within the cyber environment [10], [11], [12], [13], [14]. In this
regard, cybersecurity and ethical hacking techniques can be applied by an organization to
decrease cyber risks and their potential effect on the reputation of the organization and its data. Ethical
hacking can maintain the digital privacy of users. At the same time, the organization can foresee
potential cyberattacks and avert their occurrence. Hence, the implementation of cybersecurity and
ethical hacking techniques can help an organization preserve its digital assets [15].
Most Internet users and companies are unprepared to protect information from
cybercriminals [16], [17], [18], [19]. Then again, mechanisms of computer security are costly to
implement while resources for such purposes are scarce [20]. As such, many companies have decided not
to implement cybersecurity policies and procedures for the prevention of cyber threats. Such a decision
can increase the cyber risk level, and this puts the company at risk of financial losses when
sensitive business information is affected.
The present study examines the significance of cybersecurity and the use of ethical hacking
techniques in protecting user data, and the different globally established standards and techniques,
for the purpose of preventing potential cyber threats and for assuring user data protection.
II. DEVELOPMENT
Statements such as “Hacker attacks damage systems,” “My Company was hacked,” and “A new
vulnerability affects Windows platforms” are frequently heard, and each actually differs from
the others, despite their occasional interchangeable use to describe similar situations. This paper
will thus provide the accurate meaning of the concepts of cybersecurity and ethical hacking so
that each is used appropriately.

A. Basic Concepts

• Threat: Any action exploiting a vulnerability to damage the security of an information system
or technological infrastructure, with an adverse impact on some element of a given system [21],
[22].
• Vulnerability: A flaw or failure in an information system that puts information security at risk,
giving an attacker the opportunity to compromise the integrity, availability or confidentiality of
the system, and which should therefore be eradicated [21], [23], [13].
• Cyber Risk: An operational risk taking place in cyberspace; it specifically encompasses a
danger or threat from the use of interconnected technological systems, and becomes visible when at
least one of the three information attributes is impacted [24].
• Cyber-Attack: An action executed by a group comprising computer experts to harm a given
network or system, but generally for extracting private information, stealing, spying or extorting [25],
[13].
• Hacker: An expert in computer handling, particularly in systems security and in forming
techniques of improvement [26]. There are three classes of hackers, each with a distinct intention in
breaching an organization: Black Hat Hacker, Gray Hat Hacker and White Hat Hacker [27]. The
details of each are as follows:
  • Black Hat Hackers search for flaws in the technological infrastructure of a company and
  exploit these flaws to commit wrongful acts such as stealing data for economic gain [28].
  • Gray Hat Hackers use techniques similar to those of their Black Hat counterparts but with
  the purpose of informing the company about its security issues rather than for their own personal
  gain [29].
  • White Hat Hackers are ethical hackers who employ certain techniques in exploring,
  testing and rectifying the flaws within the systems of an organization. The techniques used by
  these hackers are known to the company [30].
• Security analysis: Security analysis varies in terms of type, scope and depth. In this regard,
visibility and positioning need to be considered: the former relates to the information that
is provided before the security of the information systems is analysed, while the latter relates
to the location of the security analysis, whether inside or outside the organization. Worldwide, there
are three types of security analysis, as follows [31], [32]:
  a. Vulnerability assessment: The assessment with the lowest depth, which requires the smallest
  amount of time and resources. Identification of open ports, accessible services, and identified
  vulnerabilities in the target information systems are all part of a vulnerability assessment [31], [32].
  b. Penetration Test: An intrusion test encompassing tasks related to the exploitation and
  post-exploitation of vulnerabilities. Equally, this test encompasses a group of objective tests performed to
  detect vulnerabilities in a system, based on the assumption that no system is fully secure or
  sacrosanct [31], [32].
  c. Ethical Hacking: A form of hacking that treats each element as an objective and is the
  most reflective type of security analysis, with the purpose of systematically analyzing the security of
  information systems to determine what they are and the weaknesses that could impact an
  organization [31], [32].

Aside from the aforementioned, there are also other types of security analysis that can be
performed on information systems. These include risk analysis and code audits. The use of
each analysis type is dictated by the requirements and objectives of the organization.

B. Standards

In implementing a Cybersecurity and Ethical Hacking solution in an organization, the work
standards and their appropriate combination need to be determined first in order to produce a
comprehensive solution. Accordingly, the key cybersecurity standards are as follows:

• ITU-T X.1205 (04/2008): It presents a definition of cybersecurity and a classification of
security threats from the outlook of an organization [33].
• NIST Cybersecurity Framework: A voluntary Framework comprising standards, guidelines,
and best practices for the management of cybersecurity-related risks. The Cybersecurity Framework
employs an approach that is flexible and cost-effective, and this facilitates the promotion of the
protection and resilience of critical infrastructure [34].
• Budapest Convention: The Budapest Convention is an international tool with the purpose of
standardizing the approach used by member countries in delineating and dealing with cybercrime
[35].
• Directive (EU) 2016/1148 of the European Parliament and of the Council of the European
Union: This directive is to reinforce an international approach in the Union which incorporates
shared minimum requirements in regard to capacity development and planning, information
exchange, cooperation and mutual requirements of security for critical service operators and digital
service providers [36].
• Executive Order (EO 13636) USA: This executive order addresses the enhancement of
cybersecurity in key infrastructures, the need to provide legitimate safeguard to companies that share
with the Government the information concerning cyber threats, and the need to safeguard the
technological infrastructure from organizations [37].
• ISO/IEC 27032: This standard expedites secure and dependable partnership in protecting the
privacy of people globally, leading to ease in the preparation, detection, monitoring and
responses against attacks [38].
• ISO/IEC TR 27103 (Information technology - Security techniques - Cybersecurity and ISO
and IEC Standards): It shows how current information security standards can be utilized by a
cybersecurity framework in the attainment of a well-controlled approach to cybersecurity
management [39].

Standards and security analysis should be applied together in order to allow the evaluation of cyber
risks that the company is exposed to, and the formulation of the correct decision in managing them.
III. METHODOLOGY
A qualitative methodology with a descriptive scope was chosen for this study. Hence, certain
characteristics associated with cybersecurity could be described from the basic concepts of
cybersecurity and from the diverse analyses, standards and methodologies used in organizations. The chosen
methodology was used to analyze the importance of cybersecurity and the use of ethical hacking
techniques in protecting user data. The following phases were included in the development of this
study: gathering of relevant information, conceptualization of the gathered information, and analysis
of the importance of cybersecurity.
IV. RESULTS
[40] highlighted the need for an organization to recognize its needs prior to the implementation
of cybersecurity policies. Based on these needs, the organization must select the most appropriate standard
and security analysis within a given time period. This study has determined Ethical Hacking as the
recommended security analysis. Specifically, ethical hacking is performed deeply and intricately on
the technological infrastructure and information systems of the organization. Notably, all companies are
vulnerable because full security does not exist. Still, companies can make efforts to reduce
cyber risks. Meanwhile, cybercrime will continue to expand, and with the rise of Artificial
Intelligence, organizations must prepare accordingly to defend themselves against cybercriminals
and make their employees aware of the cyber risks to which they are exposed.
V. CONCLUSIONS
The present study explores past studies on cybersecurity and ethical hacking. In view of these,
organizations need to formulate and invest in cybersecurity policies and practice ethical
hacking so that they can safeguard their technological infrastructure, particularly their user
information, which is regarded as their most valued asset. User trust can be damaged by a data
breach, which could considerably impact company finances. In this regard, organizations should
consider implementing basic security mechanisms for packet filtering, intrusion detection,
authentication systems, maintenance and updating of operating systems and business platforms, and
data encryption. All of these serve to assure the confidentiality, integrity and availability of information.
REFERENCES

[1] Kushwah, R., Batra, P. K., & Jain, A. (2020, March). Internet of Things Architectural Elements, Challenges and Future
Directions. In 2020 6th International Conference on Signal Processing and Communication (ICSC) (pp. 1-5). IEEE.
[2] Bahrini, R., & Qaffas, A. A. (2019). Impact of information and communication technology on economic growth: Evidence
from developing countries. Economies, 7(1), 21.
[3] Radanliev, P., De Roure, D. C., Nurse, J. R., Burnap, P., Anthi, E., Uchenna, A., ... & Montalvo, R. M. (2019). Cyber risk
management for the Internet of Things.
[4] Al-Adamat, A., Al-Gasawneh, J., & Al-Adamat, O. (2020). The impact of moral intelligence on green purchase
intention. Management Science Letters, 10(9), 2063-2070.
[5] Thakur, K., Hayajneh, T., & Tseng, J. (2019). Cyber security in social media: challenges and the way forward. IT
Professional, 21(2), 41-49.
[6] Wang, S. S. (2019). Integrated framework for information security investment and cyber insurance. Pacific-Basin Finance
Journal, 57, 101173.
[7] Coburn, A., Leverett, E., & Woo, G. (2018). Solving cyber risk: protecting your company and society. John Wiley & Sons.
[8] Shoemaker, D., Kohnke, A., & Sigler, K. (2018). A guide to the National Initiative for Cybersecurity Education (NICE)
cybersecurity workforce framework (2.0). CRC Press.
[9] Rawashdeh, G., Bin Mamat, R., Bakar, Z. B. A., & Rahim, N. H. A. (2019). Comparative between optimization feature
selection by using classifiers algorithms on spam email. International Journal of Electrical & Computer Engineering (2088-8708), 9.
[10] Alhawamleh, A. M. K. (2012). Web Based English Placement Test System (ELPTS) (Doctoral dissertation, Universiti Utara
Malaysia).
[11] Kumar, S., Soni, M. K., & Jain, D. K. (2015). Cyber security threats in synchrophasor system in wide area monitoring
system. Int J Comput Appl, 115(8), 17-22.
[12] Newhouse, W., Keith, S., Scribner, B., & Witte, G. (2017). National initiative for cybersecurity education (NICE)
cybersecurity workforce framework. NIST Special Publication, 800(2017), 181.


[13] Gaona, L. A., Trillos, J. E., & Bayona, A. N. (2019). CIBERSEGURIDAD Y ETHICAL HACKING: LA IMPORTANCIA
DE PROTEGER LOS DATOS DEL USUARIO. Encuentro Internacional De Educación En Ingeniería. Retrieved from:
https://acofipapers.org/index.php/eiei/article/view/248.
[14] Sani, A. S., Yuan, D., Jin, J., Gao, L., Yu, S., & Dong, Z. Y. (2019). Cyber security framework for Internet of Things-based
Energy Internet. Future Generation Computer Systems, 93, 849-859.

[15] Chaisse, J., & Bauer, C. (2018). Cybersecurity and the Protection of Digital Assets: Assessing the Role of International
Investment Law and Arbitration. Vand. J. Ent. & Tech. L., 21, 549.
[16] Alhawamleh, A. M., & Ngah, A. (2017, May). Knowledge sharing among jordanian academicians: A case study of tafila
technical university (TTU) and mutah university (MU). In 2017 8th International Conference on Information Technology (ICIT) (pp.
262-270). IEEE.
[17] Hawamleh, A. M., & Ngah, A. (2017). An Adoption Model of Mobile Knowledge Sharing Based on the Theory of Planned
Behavior. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 9(3-5), 37-43.
[18] Younies, H., & Na, T. (2020). Effect of cybercrime laws on protecting citizens and businesses in the United Arab Emirates
(UAE). Journal of Financial Crime.
[19] Al-Gasawneh, J. A., & Al-Adamat, A. M. (2020). The Relationship between Perceived Destination Image, Social Media
Interaction and Travel Intentions Relating To Neom City. Academy of Strategic Management Journal, 19(2).
[20] El Mrabet, Z., Kaabouch, N., El Ghazi, H., & El Ghazi, H. (2018). Cyber-security in smart grid: Survey and
challenges. Computers & Electrical Engineering, 67, 469-482.
[21] INCIBE, R. (2017). ES, Huawei, “Building a Trusted and Managed IoT World”. In Mobile World Congress.
[22] Williams-Banta, P. E. (2019). Security Technology and Awareness Training; Do They Affect Behaviors and Thus Reduce
Breaches? (Doctoral dissertation, Northcentral University).
[23] Kure, H. I., Islam, S., & Razzaque, M. A. (2018). An integrated cyber security risk management approach for a
cyber-physical system. Applied Sciences, 8(6), 898.
[24] Biener, C., Eling, M., & Wirfs, J. H. (2015). Insurability of cyber risk: An empirical analysis. The Geneva Papers on Risk
and Insurance-Issues and Practice, 40(1), 131-158.
[25] Panko, R. R. (2010). Corporate computer and network security, 2/e. Pearson Education India.
[26] Papanikolaou, A., Karakoidas, V., Vlachos, V., Venieris, A., Ilioudis, C., & Zouganelis, G. (2011, September). A Hacker's
Perspective on Educating Future Security Experts. In 2011 15th Panhellenic Conference on Informatics (pp. 68-72). IEEE.
[27] Chowdappa, K. B., Lakshmi, S. S., & Kumar, P. P. (2014). Ethical hacking techniques with penetration
testing. International journal of computer science and information technologies, 5(3), 3389-3393.
[28] Richet, J. L. (2012). How to Become a Black Hat Hacker? An Exploratory Study of Barriers to Entry into Cybercrime (No.
hal-02187741).
[29] Harper, A., Harris, S., Ness, J., Eagle, C., Lenkey, G., & Williams, T. (2011). Gray hat hacking the ethical hackers
handbook. McGraw-Hill Osborne Media.
[30] Caldwell, T. (2011). Ethical hackers: putting on the white hat. Network Security, 2011(7), 10-13.
[31] Shah, S., & Mehtre, B. M. (2013). A modern approach to cyber security analysis using vulnerability assessment and
penetration testing. Int J Electron Commun Comput Eng, 4(6), 47-52.
[32] Baloch, R. (2017). Ethical hacking and penetration testing guide. CRC Press.
[33] Le, N. T., & Hoang, D. B. (2016, December). Can maturity models support cyber security?. In 2016 IEEE 35th international
performance computing and communications conference (IPCCC) (pp. 1-7). IEEE.
[34] Hitchcox, Z. (2020). Limitations of Cybersecurity Frameworks that Cybersecurity Specialists must understand to Reduce
Cybersecurity Breaches (Doctoral dissertation, Colorado Technical University).
[35] Clough, J. (2014). A world of difference: the Budapest convention of cybercrime and the challenges of
harmonisation. Monash UL Rev., 40, 698.
[36] Schallbruch, M. (2018). The european network and information security directive–a cornerstone of the digital single market.
In Digital Marketplaces Unleashed (pp. 287-295). Springer, Berlin, Heidelberg.
[37] Fischer, E. A., Liu, E. C., Rollins, J., & Theohary, C. A. (2013). The 2013 cybersecurity executive order: Overview and
considerations for congress. Washington: Congressional Research Service.
[38] Miloslavskaya, N. (2019). Network Security Intelligence Centres for Information Security Incident Management (Doctoral
dissertation, University of Plymouth).
[39] Kim, S. M., Jung, H. S., & Lee, Y. W. (2020). Framework Based Smart City Cyber Security Matrix. Journal of the Korean
Society of Industry Convergence, 23(2_2), 333-341.
[40] Berger, H., & Jones, A. (2016, July). Cyber security & ethical hacking for SMEs. In Proceedings of the The 11th
International Knowledge Management in Organizations Conference on The changing face of Knowledge Management Impacting
Society (pp. 1-6).