Discussion Questions

Please answer the following questions with at least 2 apragraphs each please.

• Explain what you believe to be the most important difference between internal and external penetration tests. Imagine you are the manager of an information security program. Determine which you believe to be the most useful and justify your answer.

• From the e-Activity (pasted below), determine whether or not you believe penetration tests are necessary and an integral part of a security program and discuss why or why not. Imagine you are an information security manager. Explicate whether or not you would consider utilizing penetration testing in your environment, and, if so, in what capacity.

  E-Activity ((Go to the SANS Institute Reading Room Website to read the article titled “Penetration Testing - Is it right for you?,” dated 2003, located at http://www.sans.org/reading_room/whitepapers/testing/penetration-testing-you_265 ))

• Explain whether or not you believe ethical hackers have a negative connotation when it comes to their duties. Determine whether or not you believe there should be cause for concern when employing an ethical hacker based on the knowledge of hacking techniques that he / she possesses. Justify your answer.

• Imagine you are an IT security manager for a medium-sized business. Explain how you would approach the subject of ethical hacking to upper management. Discuss how you would portray the importance of ethical hacking and why it is not a bad thing.