A study on integrating penetration testing into the information security framework for Malaysian higher education institutions

摘要

With the rapid development of information technology, hackers are provided powerful tools and therefore ensuring the security of the information is becoming a complex task. Using hacking tools and techniques also known as penetration testing or ethical hacking can contribute to mitigate the security risks. However, due to the misinformation on penetration testing, some managers refused to adopt this arm to protect their information against hackers. As a result, in Malaysian Higher Education Institutions domain, the number of victims of hackers keeps increasing considerably. The research objectives are to enable a paradigm shift on higher management level on penetration testing as part of the essential IT security components. To demonstrate how penetration testing contributes to improve the security. To provide security managers and top managers a positive vision of pen-testing through a revised security framework based on an existing one. This research will be carried out qualitatively and quantitatively, and its output will be based on numeric analysis, case study, survey and literature reviews.