Final Report Proposal


PROPOSAL

TO: Bill Lumbergh

FROM: ***** *****

DATE: *****

SUBJECT: Ethical Hacking

Introduction

The topic for my report is penetration testing. Penetration testing has been around since the mid-sixties. For over fifty years penetration testers (sometimes referred to as white hat hackers, tiger teams, or ethical hackers) have been working to protect sensitive information from malicious black hat hackers or cyber criminals. The goals of black hat hackers include: disrupting service to clients, stealing personal information for financial gain, defacing websites, and the destruction of computers and data owned by their targets. A successful cyberattack can cost a corporation millions of dollars, as well as cause customers to lose faith in the company’s ability to keep their personal information safe. It is the job of an ethical hacker to find the vulnerabilities before the black hat hackers do, which allows the corporation that hired the ethical hackers to mitigate the discovered vulnerabilities.

Penetration testing, sometimes called ethical hacking, is a process in which a team or an individual is hired to break into a corporation’s computer network and gain control of influential machines, such as a web server. Once the ethical hackers gain access, they attempt to expand their influence by elevating their privileges on exploited machines and/or gaining access to more computers on the network. The goal of a penetration test is to expose weaknesses in the target company’s security protocols and inform the company of the findings. Once flaws in the corporation’s security have been identified and exploited, a formal report is created. The formal report highlights the areas in the corporation’s computer network that are vulnerable to attack. The final report often includes a risk assessment that describes the potential consequences that the discovered security vulnerabilities could pose if a black hat hacker were to discover and exploit the vulnerability. The report does not contain details of how the attack was carried out. This information is omitted for client safety (the last thing a tiger team wants is for the discovered vulnerabilities to be used by a cybercriminal to harm their client’s organization). In addition to providing a risk assessment, the ethical hacking team will also tell the corporation how to mitigate the risks that were found during the penetration test.

Research Questions

Although lots of research has already been done on my topic, the following are questions that I still want to find answers to. What is the recommended amount of time between penetration tests? How do penetration testers discuss the levels of penetration testing with their clients, and will ethical hackers always recommend the most in-depth testing? What are some common vulnerabilities that affect systems today? How common are security breaches? How much money did the malware WannaCry cost affected businesses, and could penetration testing have prevented the losses? Is it required by law that large corporations receive penetration testing? How exactly does a typical penetration test work? How do penetration testers pick their initial target? Do penetration testers have an ordered list of tasks? What major impacts does penetration testing have on the economy? What does a professional penetration testing report look like?

Proposed Solutions

I plan to find the answers to the above questions in a variety of ways. First, I will use Google to get a surface understanding of the answer/process. Second, I will consult an academic database, such as EBSCO, to obtain in-depth answers to my questions, as well as advanced explanations of the processes. I will keep track of information that I plan to use by employing a double entry journal.

Plan

The final report will start by defining key terms and introducing penetration testing. Topics for the first section will include: what penetration testing is, how penetration testing came to be, and why penetration testing is useful. Once penetration testing has been introduced, I will discuss the specifics of how a typical penetration test progresses. This section of the report will address topics such as: interacting with the client, safety precautions, system assessment, vulnerability exploitation, delivering the results to the client, and recommending changes to the client’s security system. Next, I will talk about how penetration testing affects the economy and society. This section will include the cost of a penetration test, the potential consequences for not receiving penetration testing, and the benefits/drawbacks of partaking in a penetration test. The following section will discuss the future of penetration testing. This section will include the projected growth for the field of penetration testing, the amount of money that penetration testing companies make in a year, and how this may change in the future.

Based on the data that I have collected so far, I believe that Initech will invest in penetration testing because a lack of strong computer security can result in the loss of millions of dollars. This is demonstrated in Heidi Daitch’s article, “2017 Data Breaches—The worst so far,” when Daitch writes:

Health insurance company Anthem has agreed to a $115 million settlement in connection with a 2015 data breach that impacted 80 million of their customers across their Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare brands.

Although Anthem acted quickly, notifying the FBI and working with a cyber security firm as soon as it was made aware of the breach, the breadth of the initial breach and subsequent costly payout just goes to reinforce the need for companies of all sizes to take cyber security issues seriously.

115 million dollars is a lot of money to lose; consequently, corporations will be looking to tighten their computer security to prevent this from happening to them, and penetration testing is a great way to test/improve computer security. It is for this reason that investing in penetration testing will result in financial gains for Initech.

Works Cited

Daitch, Heidi. “2017 Data Breaches - The Worst Breaches, So Far | IdentityForce®.” We Aren't Just Protecting You From Identity Theft. We Protect Who You Are., 1 May 2018, www.identityforce.com/blog/2017-data-breaches.