IT Sample

Uploaded by amalhameed93

1- What is ethical hacking and what are its pros and cons? (250 words)


An ethical hacker, also referred to as a white hat hacker, is an information security (infosec) expert who
penetrates a computer system, network, application or other computing resource on behalf of its
owners -- and with their authorization. Organizations call on ethical hackers to uncover potential
security vulnerabilities that malicious hackers could exploit.

The purpose of ethical hacking is to evaluate the security of and identify vulnerabilities in target
systems, networks or system infrastructure. The process entails finding and then attempting to exploit
vulnerabilities to determine whether unauthorized access or other malicious activities are possible.

Pros of Ethical Hacking

- It helps to fight against cyber terrorism and national security breaches.

- It helps to take preventive action against hackers.

- It helps to build a system that prevents any kind of penetration by hackers.

- It offers security to banking and financial establishments.

- It helps to identify and close the open holes in a computer system or network.

Cons of Ethical Hacking

The disadvantages of ethical hacking are as follows.

- It may corrupt the files or data of an organization.

- The hackers might use the information they gain for malicious purposes; consequently, only trustworthy professionals can be expected to succeed in this role.

- Hiring such professionals increases costs to the company.

- The technique can harm someone's privacy.

- The system is illegal.

2- Explain the components of a plan in place to manage cyber security risk and explain its importance? (250 words)

The security plan is a major element of an effective cyber security program. It identifies who is responsible for security, the key applications, processes and systems that could be exposed to threats or risks, and the security policies needed to support the organization's objectives.
1. Identify

This function entails determining an organization’s critical functions and what cybersecurity risks could
disrupt those functions. Additionally, detecting current risks, existing digital assets, and organizational
roles are all essential elements of this step. This function’s purpose is to establish an organizational
understanding of the management of cyber risks to an organization’s sensitive information and
capabilities.

2. Protect

The next function, protect, defines the relevant safeguards required to deliver critical infrastructure
services. As soon as critical functions are identified, the organization can prioritize them and prioritize
their cybersecurity efforts accordingly. Simply put, this function reinforces the organization's capability
to minimize any effect resulting from a cybersecurity incident.

3. Detect

The organization must have the relevant measures in place to be able to promptly identify cyber risks
and other incidents. This function mainly includes continuous monitoring and threat hunting to timely
identify any unusual activity or anomalies.

4. Respond

This function is about implementing relevant measures concerning a detected cybersecurity incident
and aids an organization’s ability to accommodate its impact. For example, response planning, analysis,
mitigation are some of the techniques that can contain impacts of cyber incidents.

5. Recover

Finally, an organization needs a strategic plan to restore any capabilities or services that were damaged
as a consequence of a cybersecurity incident. According to NIST, the examples of outcome categories
within this function entail:

- Making sure the organization implements recovery planning procedures to restore systems or
assets damaged by cybersecurity incidents;

- Implementing improvements based on lessons learned and reviews of existing strategies.

The data security plan and policy must be maintained, as that is the only way to reduce risk, and it is
necessary for compliance: where the policy is severely out of date, human, technology and regulatory
risk can skyrocket. The data security policy should therefore be reviewed annually.

3- Explain the relation between leadership, core values, IT governance, and the University governance? (200 words)
IT governance is a concept to which various meanings have been attached. According to the IT
Governance Institute, the term can be defined as “an integral part of enterprise governance [that] consists
of the leadership and organizational structures and processes that ensure that the organization's IT sustains
and extends the organization's strategies and objectives.” Peter Weill and Jeanne Ross, however, define
IT governance as “specifying the decision rights and accountability framework to encourage desirable
behavior in using IT.” Despite differences in the definition of IT governance, IT governance mechanisms in
general consist of structures, processes, and relational mechanisms that enhance business/IT alignment,
and there are associations between IT governance mechanisms and IT governance performance.

Leadership maximizes productivity, shapes and promotes a positive and harmonious culture. IT
leadership involves taking the initiative to undertake new methods without being afraid of failure; this is
very important in order to cope with the multifaceted technological changes in the IT industry. It is
about building capabilities to turn technology into business solutions that enable the business to achieve
its objectives and strategy.

An IT leader not only possesses wide-ranging leadership skills but has detailed technology-related
knowledge about the mediums, tools, strategies, and competencies existing in this culture. An IT leader
also has the knowledge of how to utilize and assess these tools, and is aware of the impact of these
tools on the future of the organization.

4- Who are the stakeholders in this case, and did they act ethically? (200 words)

In this case the stakeholders are:

- The IT Director of a University in the GCC countries

- The VP for academic affairs

- The President of the University.

The IT Director informed the VP in a face-to-face meeting to avoid sharing his proposed strategy with
the hacker. Eventually, the University top management approved the strategy.

The foundation of all security systems is formed by the moral principles and practices of the people
involved and the standards of the profession. That is, while people are part of the solution, they are also
most of the problem. Security problems with which an organization may have to deal include: responsible
decision-making, confidentiality, privacy, piracy, fraud and misuse, liability, copyright, trade secrets, and
sabotage. It is easy to sensationalize these topics with real horror stories; it is more difficult to deal with
the underlying ethical issues involved. Confidentiality is a key ethical issue in cybersecurity. Security
professionals will, by the nature of their profession, see and handle personal, private or proprietary
information that should be kept strictly confidential. People working in these fields may be tempted to
reveal whatever juicy gossip they discovered while running a virus scan on somebody's hard drive, but
doing so could ruin that person's career or personal life. Cybersecurity professionals should follow what
has been called the “butler's credo”: the butler never tells.

What should be done by IT after their system had been hacked in this case? (250 words)

While prevention is an essential part of cybersecurity efforts, the way the university responds after a
hacking is just as important in terms of its impact on the organization.

Disconnecting the computer from the local network prevents a potentially untrusted source from taking
further actions on the compromised computer. This also prevents any further leakage of Non-public
information if that is a potential concern. Shutting down the computer would also have this effect but
could destroy evidence that is essential to investigating the compromise. Similarly, rebuilding the
computer would destroy all evidence pertinent to an investigation.

As soon as an individual suspects that a computer has been compromised, they should contact the
Information Security Office immediately by phone before taking any additional action. The Information
Security Office will conduct a preliminary investigation before determining the best course of action for
the compromised computer. While waiting for further instructions, do not share any details related to the
compromise unless absolutely necessary. Additionally, do not attempt to contact law enforcement
officials. Such communication must be coordinated with the Information Security Office and the Office
of General Counsel because of the potential legal implications of a compromised computer.

If the hacked computer provides some type of service, it is likely that users of this service will be
impacted by the interruption brought on by disconnecting the computer from the network. These users
should be notified in some manner of the interruption. Options for notification may include an email to
the user base or posting a notice to a frequently visited web site. As stated previously, the details of a
compromise and the ensuing investigation should be kept confidential. Therefore, the notification of
service interruption should not indicate that there has been a compromise.
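The response above rests on one technical point: disconnect the compromised computer from the network rather than shutting it down or rebuilding it, because powering off destroys volatile evidence (running processes, open connections, logged-in users) that the investigation needs. The following script is an added example, not part of the original document or any university's procedure, of how a first responder can capture that volatile state into a hashed evidence directory before isolating the host. The evidence directory layout, the file names and the set of commands captured are assumptions; the interface name passed to the isolation step is whatever the responder supplies.

```shell
#!/usr/bin/env bash
# Added example (not from the original document): first-responder triage for
# a suspected compromised host. Volatile evidence is captured FIRST, then the
# host is isolated by taking its interface down, never by powering it off.
set -u

# Run a command if it exists on this host and save its output under a
# descriptive name; a missing command is recorded rather than failing the run.
capture() {
  local outdir="$1" name="$2"; shift 2
  if command -v "$1" >/dev/null 2>&1; then
    "$@" > "$outdir/$name.txt" 2>&1 || true
  else
    echo "command not available: $1" > "$outdir/$name.txt"
  fi
}

# Hash every collected file so later analysis can show they were not altered.
# Falls back across the SHA-256 tools commonly present on Linux and macOS.
hash_files() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum *.txt
  elif command -v shasum >/dev/null 2>&1; then shasum -a 256 *.txt
  else openssl dgst -sha256 *.txt; fi
}

# Collect volatile state into the evidence directory (assumed layout) and
# write a manifest. Returns 0 when the manifest was written.
collect_volatile() {
  local outdir="$1"
  mkdir -p "$outdir"
  date -u +%Y-%m-%dT%H:%M:%SZ > "$outdir/collection_time.txt"
  capture "$outdir" hostname   hostname
  capture "$outdir" uptime     uptime
  capture "$outdir" logged_in  who
  capture "$outdir" processes  ps aux
  capture "$outdir" sockets    ss -tunap      # open connections and owners
  capture "$outdir" routes     ip route
  capture "$outdir" arp_cache  ip neigh       # recently seen neighbours
  (cd "$outdir" && hash_files > manifest.sha256)
  [ -s "$outdir/manifest.sha256" ]
}

# Isolate the host by bringing the named interface down. This keeps memory
# and disk state intact for the investigation; it requires root privileges.
isolate_host() {
  local iface="$1"
  ip link set dev "$iface" down
}

# Orchestrate: evidence first, isolation second (only if an interface is given).
respond() {
  local outdir="$1" iface="${2:-}"
  collect_volatile "$outdir" || return 1
  if [ -n "$iface" ]; then isolate_host "$iface"; fi
  echo "$outdir"
}

# Usage: ./triage.sh run /var/tmp/ir-evidence eth0
if [ "${1:-}" = "run" ]; then
  respond "${2:-/var/tmp/ir-evidence-$(date +%s)}" "${3:-}"
fi
```

The ordering is the point: the network is cut only after `collect_volatile` has written its manifest, and nothing in the script reboots, shuts down or reimages the machine. Hand the evidence directory and its manifest to the Information Security Office rather than sharing its contents more widely.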
