
(Solved): CTEC 350 : Activity 1-1 Determining the Corporate Need for IT Security Professionals...


Activity 1-1

Determining the Corporate Need for IT Security Professionals

Time Required: 10 minutes

Objective: Examine the many corporations looking to employ IT security professionals.

Description: Many companies are eager to employ or contract security testers for their corporate networks. In this activity, you search the Internet for job postings, using the keywords “IT security,” and read some job descriptions to determine the IT skills (as well as any non-IT skills) most companies want an applicant to possess.

1. Start your Web browser, and go to http://jobsearch.monster.com.
2. Click the Search for Jobs text box, type IT Security, and then click the Search button.
3. Scroll to the bottom of the first page, and note the number of positions. Select three to five positions, and read the job description information.
4. When you’re finished, exit your Web browser.


 

Activity 1-2

Examining the Top 25 Most Dangerous Software Flaws

Time Required: 15 minutes

Objective: Examine the SANS list of the most common network exploits.

Description: As fast as IT security professionals attempt to correct network vulnerabilities, someone creates new exploits, and network security professionals must keep up to date on these exploits. In this activity, you examine some current exploits used to attack networks. Don’t worry—you won’t have to memorize your findings. This activity simply gives you an introduction to the world of network security.

Tip

Be aware that Web sites change often. You might have to dig around to find the information you’re looking for. Think of it as practice for being a skilled security tester.

1. Start your Web browser, and go to www.sans.org.
2. Under Resources, click the Top 25 Programming Errors link. (Because Web sites change as rapidly as the price of gas, you might have to search to find this link.)
3. Read the contents of the Top 25 list. (This document changes often to reflect the many new exploits created daily.) The list is organized into three categories: Insecure Interaction Between Components, Risky Resource Management, and Porous Defenses.
4. Investigate the first few flaws by clicking the CWE-# link. For each flaw, note the consequences and its prevalence.
5. When you’re finished, exit your Web browser.

 

Activity 1-3

Identifying Computer Statutes in Your State or Country

Time Required: 30 minutes

Objective: Learn what laws might prohibit you from conducting a network penetration test in your state or country.

Description: For this activity, you use Internet search engines to gather information on computer crime in your state or country (or a location selected by your instructor). You have been hired by ExecuTech, a security consulting company, to gather information on any new statutes or laws that might have an impact on the security testers they employ. Write a one-page memo to Bob Lynch, director of security and operations, listing any applicable statutes or laws and offering recommendations to management. For example, you might note in your memo that conducting a denial-of-service attack on a company’s network is illegal because the state’s penal code prohibits this type of attack unless authorized by the owner.

 

 

Activity 1-4

Examining Federal Computer Crime Laws

Time Required: 15 minutes

Objective: Increase your understanding of U.S. federal laws related to computer crime.

Description: For this activity, use Internet search engines to gather information on U.S. Code, Title 18, Sec. 1030, which covers fraud and related activity in connection with computers. Write a summary explaining how this law can affect ethical hackers and security testers.

 

 

Note

Security Bytes

Because the job of an ethical hacker is fairly new, the laws are changing constantly. Even though a company has hired you to test its network for vulnerabilities, be careful that you aren’t breaking any laws in your state or country. If you’re worried that one of your tests might slow down the network because of excessive bandwidth use, this concern should signal a red flag. The company might consider suing you for lost time or monies caused by this delay.


Activity 1-5

Understanding a Consulting Contract

Time Required: 30 minutes

Objective: Increase your understanding of a consulting contract.

Description: For this activity, review the sample contract shown in Appendix B. This contract can’t be used unless you’re a member of the ICCA, but it’s an excellent example of how a contract might be worded. After reading the contract, write a one-page summary discussing the areas you would modify or add to. Include any sections important for a penetration tester that are missing.

 
