Cyber Security and Ethical Hacking: The Importance of Protecting User Data
net/publication/347902323
All content following this page was uploaded by Jassim Al-Gasawneh on 25 December 2020.
Ghada Al-Rawashdeh
University Malaysia Terengganu (UMT)
Terengganu, Malaysia
e-mail: Ghada_rwashdeh@yahoo.com
At present, various services are offered via the Internet, and in cyberspace companies can
connect with those in various locations globally [1]. In 2019, [2] highlighted that
Internet connectivity speeds up economic growth while generating opportunities for
business and commerce. Nonetheless, there are risks associated with the use of information
technologies in a company's business models. Among these is cybernetic risk, which can
damage the operation of the organization, specifically by damaging one or more of the three
information attributes, and so lead to damage to the organization's technological systems [3],
[4].
As reported in [5], [6], many organizations have tended to rely on
measures including weak usernames and passwords, data encryption, firewalls with default settings,
and virus protection, but generally had no sophisticated measures for dealing with cyber
threats and for decreasing cyber risk. In 2018, [7] indicated that failure to use basic security
measures in safeguarding company data can make organizations vulnerable to cyber-attacks.
Cybersecurity refers to the assortment of tools, best practices, guidelines, policies, security concepts,
security safeguards, approaches to risk management, training actions, assurance and technologies
that can be used to protect the cyber environment, the organization and the user's assets [8], [9]. The
connected organization and user assets include computing devices, infrastructure, applications,
services, personnel, telecommunications systems, and all the information communicated and/or stored
within the cyber environment.
Cybersecurity assures that the security properties of the organization and user
assets are attained and maintained against security risks within the cyber environment [10], [11], [12], [13], [14]. In this
regard, cybersecurity and ethical hacking techniques can be applied by an organization to
decrease cyber risks and their potential effect on the organization's reputation and data. Ethical
hacking can maintain the digital privacy of users. At the same time, the organization can foresee
potential cyberattacks and avert their occurrence. Hence, implementing cybersecurity and
ethical hacking techniques can help an organization preserve its digital assets [15].
Most Internet users and companies are unprepared to protect information from
cybercriminals [16], [17], [18], [19]. Then again, computer security mechanisms are costly to
implement while resources for such purposes are scarce [20]. As such, many companies have decided not
to implement policies and cybersecurity procedures for the prevention of cyber threats. Such a decision
can raise the level of cyber risk, and this puts the company at risk of financial losses when
sensitive business information is affected.
The present study examines the significance of cybersecurity and the use of ethical hacking
techniques in protecting user data, and the different globally established standards and techniques,
for the purpose of preventing potential cyber threats and for assuring user data protection.
II. DEVELOPMENT
Statements such as “Hacker attacks damage systems,” “My company was hacked,” and “A new
vulnerability affects Windows platforms” are frequently heard, and each actually differs from
the others, despite their occasional interchangeable use to describe similar situations. This paper
will thus provide the accurate meaning of the concepts of cybersecurity and ethical hacking so
that each is used appropriately.
Threat: Any action exploiting a vulnerability to damage the security of an information system
or technological infrastructure, with an adverse impact on a certain element of a given system [21],
[22].
Vulnerability: A flaw or failure in an information system which puts information security at risk,
giving an attacker the opportunity to compromise the integrity, availability or confidentiality of
the system, and which should therefore be eradicated [21], [23], [13].
Cyber Risk: An operational risk taking place in cyberspace. It specifically encompasses a
danger or threat from the use of interconnected technological systems, and becomes visible when at
least one of the three information attributes is impacted [24].
Cyber-Attack: An action executed by a group of computer experts to harm a given
network or system, generally for extracting private information, stealing, spying or extorting [25],
[13].
Hacker: An expert in computer handling, particularly in systems security and in forming
techniques of improvement [26]. There are three classes of hackers, each with a distinct intention in breaching an
organization: Black Hat Hacker, Gray Hat Hacker and White Hat Hacker [27]. The
details of each are as follows:
Black Hat Hackers search for flaws in the technological infrastructure of a company and
exploit these flaws to commit wrongful acts such as stealing data for economic gain [28].
Gray Hat Hackers use techniques similar to those of their Black Hat counterparts, but with
the purpose of informing the company about its security issues rather than for their own personal
gain [29].
White Hat Hackers are ethical hackers who employ certain techniques in exploring,
testing and rectifying the flaws within the systems of an organization. The techniques used by
these hackers are known to the company [30].
Security analysis: Security analysis varies in terms of types, scope and depth. In this regard,
visibility and positioning need to be considered, whereby the former relates to the information that
will be presented before the security of the information systems is analysed, while the latter relates
to the location of the security analysis, whether inside or outside the organization. Worldwide, there
are three types of security analysis as follows [31], [32]:
a. Vulnerability assessment: The assessment with the lowest depth, but the one that requires the smallest
amount of time and resources. Identification of open ports, accessible services, and identified
vulnerabilities in the target information systems are all part of vulnerability assessment [31], [32].
b. Penetration Test: An intrusion test encompassing tasks related to the exploitation and
post-exploitation of vulnerabilities. Equally, this test encompasses a group of objective tests performed to
detect vulnerabilities in a system, based on the assumption that no system is fully secure or
sacrosanct [31], [32].
c. Ethical Hacking: A form of hacking that perceives each element as an objective and is the
most reflective type of security analysis, with the purpose of systematically analyzing the security of
information systems to determine what they are, and the weaknesses that could impact an
organization [31], [32].
B. Standards
In the implementation of Cybersecurity and Ethical Hacking solution in an organization, the work
standards and the appropriate combination need to first be determined in order to generate a
comprehensive solution. Accordingly, the key cybersecurity standards are as follows:
Standards and security analysis should be applied together in order to allow the evaluation of cyber
risks that the company is exposed to, and the formulation of the correct decision in managing them.
III. METHODOLOGY
Qualitative methodology with a descriptive scope has been chosen in this study. Hence, certain
characteristics associated with cybersecurity could be described from the basic concepts of
cybersecurity from diverse analyses, standards and methodologies used in organizations. The chosen
methodology was used in analyzing the importance of cybersecurity and the use of ethical hacking
techniques in protecting user data. The following phases were included in the development of this
[1] Kushwah, R., Batra, P. K., & Jain, A. (2020, March). Internet of Things Architectural Elements, Challenges and Future
Directions. In 2020 6th International Conference on Signal Processing and Communication (ICSC) (pp. 1-5). IEEE.
[2] Bahrini, R., & Qaffas, A. A. (2019). Impact of information and communication technology on economic growth: Evidence
from developing countries. Economies, 7(1), 21.
[3] Radanliev, P., De Roure, D. C., Nurse, J. R., Burnap, P., Anthi, E., Uchenna, A., ... & Montalvo, R. M. (2019). Cyber risk
management for the Internet of Things.
[4] Al-Adamat, A., Al-Gasawneh, J., & Al-Adamat, O. (2020). The impact of moral intelligence on green purchase
intention. Management Science Letters, 10(9), 2063-2070.
[5] Thakur, K., Hayajneh, T., & Tseng, J. (2019). Cyber security in social media: challenges and the way forward. IT
Professional, 21(2), 41-49.
[6] Wang, S. S. (2019). Integrated framework for information security investment and cyber insurance. Pacific-Basin Finance
Journal, 57, 101173.
[7] Coburn, A., Leverett, E., & Woo, G. (2018). Solving cyber risk: protecting your company and society. John Wiley & Sons.
[8] Shoemaker, D., Kohnke, A., & Sigler, K. (2018). A guide to the National Initiative for Cybersecurity Education (NICE)
cybersecurity workforce framework (2.0). CRC Press.
[9] Rawashdeh, G., Bin Mamat, R., Bakar, Z. B. A., & Rahim, N. H. A. (2019). Comparative between optimization feature
selection by using classifiers algorithms on spam email. International Journal of Electrical & Computer Engineering (2088-8708), 9.
[10] Alhawamleh, A. M. K. (2012). Web Based English Placement Test System (ELPTS) (Doctoral dissertation, Universiti Utara
Malaysia).
[11] Kumar, S., Soni, M. K., & Jain, D. K. (2015). Cyber security threats in synchrophasor system in wide area monitoring
system. Int J Comput Appl, 115(8), 17-22.
[12] Newhouse, W., Keith, S., Scribner, B., & Witte, G. (2017). National initiative for cybersecurity education (NICE)