Ethical Hacking

Ethical hacking as a risk management technique is the use of programming skills in determining vulnerabilities in the computer system. There are varied types of ethical hackers including the White Hat, Black Hat and Grey Hat; thus both focus on building a risk management program effective for eliminating vulnerabilities. The rapid advancement of technology has brought many constructive and significant solutions to the life of people. New areas of research have tremendously increased in e-commerce, electronic activities and information sharing areas. However, with the increased technology advancement, there have been a growing number of cybercrimes and criminal hacking activities. Businesses and other Internet users are nowadays scared of computer experts who will offer risk management through penetrating into their web server to offer adequate security. Therefore, there is a need for computer science students to advance their ethical hacking techniques in order to fight against the increasing problems of criminal hacking. 

Project Goals
•    The project attempts to offer a comprehensive risks management plan effective for eliminating hacking activities in varied organizations.
•    It identifies the risks resulting from hacking and offer effecting hacking methods that hackers will employ to manage organizational risks. 
•    It analyses the process of ethical hackings and also attempt to find out the pros or cons arising from ethical hacking. 

LITERATURE REVIEW
This chapter will employ varied literature materials in order to examine the way the previous scholars have argued about ethical hacking issues. Tiller (2005) offer varied methodologies and unwritten convention that ethical hackers should employ in order to offer the maximum value to companies that want to manage organizational risks. The author reveals the technical aspects of penetration testing in order to address the engagement rules necessary for successful technical tests. Jahankhani (2010) also reveals the way cybercrimes has become one of the biggest problems in many industries across the globe; thus reveals varied aspects including implementation, investigative techniques and criminal intelligence in fighting cybercrimes. The author aimed to educate the academia members, public and private sectors, as well as, students on the way to overcome cybercrimes issues. Logan and Clarkson (2005) reveal the significant need to educate computer science students to hack; thus enabling them to become experts in managing risks or vulnerabilities arising from hacking activities.

HYPOTHESIS
Hacking will likely to pose risks such as exposing sensitive user data and risk user privacy; thus making information vulnerable to illegitimate use and manipulation. Therefore, it triggers theft of critical business information because important information may be lost in the process hacking. This is because hacking can convert computer into zombies; thus contributing to spamming and phishing activities. Therefore, the core hypothesis of the project is to examine the extent of risks arising from hacking: to risks triggers; thus determining effective solutions for risk management.

RESEARCH METHODOLOGY AND DESIGN
The researcher will employ both qualitative and quantitative research design methods of attacking a computer network. The hacking methodologies will describe the process that the ethical hacker will employ in a tacking the computer system, and the risks that may arise from employing varied hacking methodologies.

QUALITATIVE RISK ANALYSIS
The researcher will employ qualitative methodology to examine the process of ethical hackings and also attempt to find out the pros or cons arising from ethical hacking activities. This method offers a foundation for a focused quantitative analysis or implementation of a response plan.

Risk Ranking
    The researcher will use qualitative risk analysis method in ranking the risks that may arise from ethical hacking. Risks can be categorized in different ways including risks from the project source, area impacted and risks arising in the project phase. Qualitative placing of risks in categories will enable the researcher to find the common cause of the risks surrounding the project. The overall risks ranking that may arise in the project may be determined through summing up the individual risks and the common risks causes surrounding the project such as inadequate project resources or financial risks.

List of Prioritized Risks
The researcher will list prioritized risks that may arise and these will include financial risks for developing the project, the cost of monitoring the project and the impacts that the project will pose. The impact may include loss of sensitive information, false sense of security and being given a snapshot of what is taking place.

List of Risks for Additional Analysis and Management
The additional risk may include project and business risks arising from ethical hacking services. Thus, the management aspects can include employing varied testing methods such as black, white and grey box testing. Black box testing exposes the project to less risk, less cost and it offer real world results. White box testing is more holistic ways of analyzing risks and it is effective, but Grey box testing balances the cost/time of the project. Therefore, customers understand the business challenges; thus developing strategies for mitigating the risks that they present.

QUANTITATIVE RISK ANALYSIS
Sensitivity Analysis
Quantitative risk analysis will help the researcher to make significant decision of developing a new risk management plan within the budget limit. It is crucial to present a well-prepared quantitative risk analysis in order to soothe the needs of the management. Therefore, the chance of success for the project approval will be greatly increased by practicing due diligence of collecting enough corroborating data.

Prioritized List of Quantified Risks
It is vital to prioritize the list of quantified risks that will result in the process of developing a management risk place of ethical hacking. The research will conduct a risk assessment and vulnerability study in order to determine the risk factors that may arise in the process of quantitative risk analysis. The research can conduct a safeguard cost or benefit analysis through determining the risks that may arise from ethical hacking activities such as loss of organization sensitive information and the legal aspects that may be posed towards risk management process.

Probabilistic Analysis of Project
The researcher will carry out survey in order to determine the way Internet users are frequently attacked by hackers. This will en able them to determine the percentage of unauthorized access or misuse of websites; thus employing effective management tool for reducing vulnerabilities.

SUMMARY AND CONCLUSION
Recommendations for New Research
    There is need for future research on the ethical hacking because cybercrimes is still on the increase and many researchers have not provided effective analysis on the way one can minimize risks that rise due to increased cybercrimes issues. Therefore, the future research should further offer adequate analysis on the way ethical hackers will implement effective risk management plan that will enable Internet users to protect their information from hacking issues. 

Conclusion
In conclusion, computer science students should advance their ethical hacking techniques in order to fight against the increasing problems of criminal hacking. The research purpose was offer a comprehensive risks management plan effective for eliminating hacking activities in varied organizations. The literature materials revealed the need for technical aspects of penetration testing in order to address the engagement rules necessary for successful technical tests.  The core hypothesis of the project was to examine the extent of risks arising from hacking: to risks triggers; thus determining effective solutions for risk management. The researcher employed both qualitative and quantitative research design methods of attacking a computer network. Thus, there is a need for future research to offer adequate analysis on the way ethical hackers will implement effective risk management plan, which will enable Internet users or businesses to protect their data from hacking activities.