8 research outputs found

    PenTest4All – Automated system for analysing the information security of a network

    Security in cyberspace is a worldwide problem and must be treated as such. The growth in the number of users and devices connected to the Internet has led to the emergence of new attack vectors against countries, companies and individuals. Companies have faced a variety of security breaches, increasing the risks to which they, and consequently their sustainability, are exposed. Penetration tests are an essential and practically mandatory assessment in today's companies, and must be carried out quite frequently so that companies remain secure and protected. This project aims to build a simple, practical, economical and efficient solution that makes it possible to mitigate these risks. The proposed solution will be based on a Raspberry Pi 3 Model B+ running the Kali Linux operating system, and will allow penetration tests to be carried out on local area networks (LANs). These tests should be fully automated and require neither deep technical knowledge nor highly complex configuration. The final solution of this project should allow scans of the local network to be performed in order to identify equipment, research and assess the vulnerabilities identified, and finally generate a report to be sent by email

    Creating a Standardized Risk Assessment Framework Library for Healthcare Information Technology

    Data breaches are occurring at an unprecedented rate. In February 2019 alone, over a million individuals were reported to the United States government as having been involved in a breach of their medical data by healthcare entities. Although many organizations have some policies, procedures and risk management components in place, few (if any) organizations are centrally connecting legal requirements, penetration tests, policies and procedures into a standardized and consistent methodology for further analysis and auditing. This research produces a new open source risk management standardized library coordinating the aforementioned risk management components. The new library is applied to an open source vulnerable web-application example to emphasize the benefits from the adoption of such a public standardized risk assessment library

    CARTT: Cyber Automated Red Team Tool

    Military weapon systems are often built using embedded, non-IP (Internet Protocol) based computer systems that are not regularly updated and patched due to their isolation. As adversaries expand their capability to exploit and penetrate these systems, we must be able to verify they are not susceptible to cyber-attack. Currently, cyber red teams are employed to assess the security of systems and networks in isolated environments, however, this method can be costly and time-consuming, and the availability of red teams is limited. To address this need and resource shortfall, we have developed the Cyber Automated Red Team Tool (CARTT) that leverages open source software and methods to discover, identify, and conduct a vulnerability scan on a computer system’s software. The results of the vulnerability scan offer possible mitigation strategies to lower the risk from potential cyber-attacks without the need for a dedicated cyber red team operating on the target host or network

    Risk in Healthcare Information Technology: Creating a Standardized Risk Assessment Framework

    Data breaches are occurring at an unprecedented rate. Between June 2019 and early October 2020, over 564 data breaches affected over 36.6 million patients as posted to the United States Federal government HITECH portal. These patients are at risk for having their identities stolen or sold on alternative marketplaces. Some healthcare entities are working to manage privacy and security risks to their operations, research, and patients. However, many have some procedures and policies in place, with few (if any) centrally managing all their infrastructure risks. For example, many healthcare organizations are not tracking or updating all the known and potential concerns and elements into a centralized repository following industry best practice timetables for auditing and insurance quantification. This chapter examines known and potential problems in healthcare information technology and discusses a new open source risk management standardized framework library to improve the coordination and communication of the aforementioned problematic management components. The healthcare industry would benefit from adopting such a standardized risk-centric framework

    Computer-Mediated Communication

    This book is an anthology of present research trends in Computer-mediated Communications (CMC) from the point of view of different application scenarios. Four different scenarios are considered: telecommunication networks, smart health, education, and human-computer interaction. The possibilities of interaction introduced by CMC provide a powerful environment for collaborative human-to-human, computer-mediated interaction across the globe

    Evaluating the cyber security skills gap relating to penetration testing

    Information Technology (IT) is growing rapidly and has become an integral part of daily life. It provides a boundless list of services and opportunities, generating boundless sources of information, which could be abused or exploited. Due to this growth, there are thousands of new users added to the grid using computer systems in a static and mobile environment; this fact alone creates endless volumes of data to be exploited and hardware devices to be abused by the wrong people. The growth in the IT environment adds challenges that may affect users in their personal, professional, and business lives. There are constant threats on corporate and private computer networks and computer systems. In the corporate environment companies try to eliminate the threat by testing networks making use of penetration tests and by implementing cyber awareness programs to make employees more aware of the cyber threat. Penetration tests and vulnerability assessments are undervalued; are seen as a formality and are not used to increase system security. If used regularly the computer system will be more secure and attacks minimized. With the growth in technology, industries all over the globe become fully dependent on information systems in doing their day-to-day business. As technology evolves and new technology becomes available, the bigger the risk becomes to protect against the dangers which come with this new technology. For industry to protect itself against this growth in technology, personnel with a certain skill set is needed. This is where cyber security plays a very important role in the protection of information systems to ensure the confidentiality, integrity and availability of the information system itself and the data on the system. Due to this drive to secure information systems, the need for cyber security by professionals is on the rise as well. It is estimated that there is a shortage of one million cyber security professionals globally. 
What is the reason for this skills shortage? Will it be possible to close this skills shortage gap? This study is about identifying the skills gap and identifying possible ways to close this skills gap. In this study, research was conducted on the cyber security international standards, cyber security training at universities and international certification focusing specifically on penetration testing, the evaluation of the need of industry while recruiting new penetration testers, finishing with suggestions on how to fill possible gaps in the skills market with a conclusion
