Essay: Ethical Hacking - Advantages And Setbacks In 70 Characters.

Computing security and hacking

The domain of ethical computing has been brought to the focus of global audience since the applications of computing practices and tools have been deeply embedded in the daily lives of people. The prominent increase in the utilization of computer based systems and the drastic growth of the internet creates opportunities for potential outcomes in sectors such as e-commerce, e-mail, online banking and video conferencing activities. However, the implications for safeguarding the computer networks of organizations from external attacks are profoundly observed in the domain of business management.

Hence the requirement of ethical hacking has become a major trait for testing the flaws of a system and expounding on them to obtain remedial measures (Abernethy, et al., 2013). On one hand, ethical hacking provides viable insights into the anticipation of issues through the applications of penetration testing and on the other; it also creates concerns pertaining to the misuse of the ethical hacking for inappropriate applications.

The following essay argues on the possible outcomes associated with the provision of flexibility to programmers for engaging in hacking activities rather than considering the activities as criminal in nature. Critical argument from both sides of the debate would be inclined towards illustration of the advantages of criminalization of hacking activities as well as the provision of facilities to programmers for skill enhancement and the pitfalls to present a comprehensive overview of the selected topic (Altmann, et al., 2013).

As discussed earlier, the proliferation of internet and the rapid growth of internet applications lead to concerns for lower online security. It is also detrimental to observe that the slow pace of developing initiatives to protect the computing systems from hacking attacks. As per Burmeister, 201, hacking is associated with the detrimental consequences such as inhibiting the development of networks and systems which are comprehensively associated with the utilization of confidential or sensitive information. Classification of different hackers into white, black and gray dimensions suggests the variable implications of hacking in the professional environment.

White Hats are associated with the processes of ethical identification of security analysis outcomes within the legal barriers while Black Hat hackers are associated with the use of their skills for malicious purposes (Burmeister, 2016).  Gray Hat hackers are generally ambiguous and it is difficult to estimate their inclination for the security measures which varies according to the situation.

As per Elder, Gray hats are known for responding to varying scenarios leading to the outcomes of defensive or offensive performance. Therefore the requirement of measures and initiatives to safeguard the information technology assets in the organization could be profoundly observed in context of ethical hacking. Ethical hacking can be considered as the study of hacking or a methodology that dictates the efficiency of efforts implemented by administrators and professionals to provide appropriate security in the networks (Elder, 2014). It can also be considered as a generic term for initiatives implemented for identifying the vulnerabilities in the operating environments of the existing information systems. The review of literature predicts the existence of two prime approaches to ensure instructions on computer security which are characterized with distinct competences.

Ethical hacking and advantages

The provision of theoretical instructions pertaining to the security of computing systems is one of the methods while the use of practical experiential learning through laboratory components can be accounted as the second factor influencing the instruction of computer security. The implications for encouraging programmers to emphasize on hacking activities in order to improve their skills could be determined on the grounds of established advantages and cons of the methods implemented in ethical hacking for obtaining computing security objectives (Garcia, 2014).

Hence it is imperative to conduct an argumentative debate over the positive implications that can be obtained from comprehensive education of programmers in hacking activities and the potential setbacks that could arise due to training of programmers.

According to Goda, Riemenschneider & Renwick, the function and nature of ethical hacking can be perceived comprehensively through the references to literature pertaining to computing system management and security. Ethical hackers are required to find the bugs and fix them through the use of network scanning thereby suggesting the potential for considering ethical hacking as a discipline in the domain of ethical information management. The debate over the good and bad implications of ethical hacking has been a major concern for organizations in context of the measures needed to establish ethical hacking (Goda, Riemenschneider & Renwick, 2016, September).

Teaching the various aspects of ethical hacking to programmers can be reflective of negative outcomes such as the perception of course leaders indicating the development of interest among programmers for intrusive behaviour. Estimation of the instances directed towards the breach of computing information systems in various sectors such as finance, healthcare, government and retail sector is not only indicative of profound media attention but also of the concerns of organizations to review their security control frameworks.

As per Goodman & Meslin, organizations have spent considerable resources in the measures to apprehend the threats to the integrity, confidentiality and availability of sensitive information which could be leveraged for designing remedial measures that are aligned with the specific nature and objectives of the organization (Goodman & Meslin, 2014). Therefore the training of programmers in ethical hacking could be largely considered as a credible influence on the prospects for improving security of the information technology infrastructure found in an organization.

Penetration testing is the most cognizably implemented resource in ethical hacking which requires the services of specialists in ethical hacking. Therefore the organization has to bear additional investments for hiring the services of specialists alongside depicting the pitfalls of the inability of specialists to align with organizational requirements and objectives. A concise evaluation of the process of penetration testing would be helpful in determining the feasibility of encouraging programmers to engage in hacking. The process of penetration testing is associated with the institution of a hacking simulation that leads to description of an event which is considerably similar to the real attacks occurring. The simulation is intended for determining the resilience of the system towards cyber security threats as well as formulating appropriate solutions to the observed issues.

Ethical hacking and setbacks

Education of programmers in hacking should be directed towards the study of penetration testing that is reflective of the essential requirements for educational qualification, theoretical information and available competences (Harada & Watanabe, 2016). The proficiency of penetration testing could be observed in capitalizing on the existing competences of programmers in coding and professional computing and IT courses.

Programmers could be able to acquire an impression of the variable security states of a particular computing or information system through the implementation of real world intrusion methods which are generally used by Black Hat hackers and Gray Hat hackers on certain occasions. Programmers can gain promising insights into the application of their creativity and social engineering competences to obtain comprehensive outcomes in the form of creative techniques as well as identify the vulnerable dimensions of the system alongside developing suitable defence mechanisms. The essential benefits which could be associated with the acquisition of hacking skills by programmers can be noticed in the vulnerability analysis applications, threat modelling, pre-engagement interactions, comprehensive exploitation, post exploitation and intelligence gathering. Programmers could acquire comprehensive abilities to evaluate the existing policies, procedures, controls and preventive measures for computing system security.

The capabilities of programmers acquired through involvement in ethical hacking activities of penetration testing reflect on the opportunities for determining additional countermeasures for security in case of cyber breach incidents (Harrison, 2015). The prominent outcomes which could be derived from the engagement of programmers in hacking relate to the mitigation of security concerns right in the bud where it originates as programmers could be able to make changes in the source code and identify safeguarding measures for computing and information systems in the organization as well as preserve the integrity, confidentiality and availability of the computing networks as well as the relevant data associated with them. Penetration testing could also be classified into three distinct systematic approaches in which the testers are characterized by different traits such as black box, white box and gray box testing.

The black box testing is reflective of minimal provision of knowledge pertaining to the target to the tester while the white box testing is associated with the necessity for complete disclosure regarding the source code and a precise identification of target (Hew, 2016). The grey box penetration testing approach is related to the partial disclosure of information leading to implications of minimal availability of information to realize the beneficial outcomes of ethical hacking. Programmers can leverage their comprehensive knowledge of the source code to obtain distinct advantages of applying white box testing reflecting on the acquisition of opportunities for obtaining feasible outcomes from the prior knowledge of target and the source code.

While the prospects of engaging programmers in hacking activities seem to be favourable, the implications of ethical and legal concerns could account for identification of critical gaps of the measure. As per Woolley, the domain of computer ethics is reflective of the essential references to the belongingness of information to everyone alongside the exclusion of restraints or boundaries which prevent the dissemination of information (Woolley, 2015). Hackers perceive the basic interpretation of the computer ethics to validate their intrusion in source codes and the target programs. Therefore the ethical position of hacking has been subject to ambiguities that could lead to disadvantageous aspects for the application of ethical hacking for programmers.

The concerns for estimating the long term implications of the hacking skills learned by programmers could be formidably observed with respect to the uncertainty. Uncertainty is validated on the grounds of confusion that is associated with the application of the hacking skills learnt by programmers in defensive as well as intrusive activities in the future (Johnson, 2014). Ethically, the intrusion into the privacy of an individual could be largely considered as a criminal offence and the outcomes that can be related to the involvement of programmers in the hacking activities could not be validated as ethical.

Organizations can expect programmers to implement the hacking skills for identification and analysis purposes with respect to the system while neglecting the consideration for beneficial information. If the programmers find that the information mined in the testing phase could be implemented for personal use, then the ethical obligations of the programmer can be questioned. It cannot be argued explicitly that the programmers have an inherent obligation to refrain from unethical application of the hacking knowledge (Kerven & Meso, 2016).

Some of the prominent setbacks which could be observed in the application of measures by organizations to involve programmers in the hacking activities that contributes to the improvement of skills of the programmers (van der Sloot, 2016). The identification of potential disadvantages that can be encountered in context of such an initiative is essential to support the argumentative discussion illustrated in this essay. The programmers could not be accountable for complete security audits and are able to identify all security issues involved in the computing system.

Therefore the ethical implications for the involvement of programmers in hacking activities could be apprehended conclusively on the grounds of presenting a false sense of security. The concerns for an organization could arise especially in context of the monitoring of individual programmers and their interactions with the internal computing systems in an organization after acquisition of hacking skills (Sar & Al-Saggaf, 2014). It is imperatively observed that the requirement of resources is intensively felt in case of realizing the supervision of programmers and their actions which leads to the ethical concerns for replacing the services of consultant specialists by helping programmers to learn hacking skills. The implications of a simulation can be reliably assumed as a formidable implication towards negative impact of programmers acquiring competences in hacking.

The most noticeable drawback that can be perceived with respect to the argumentative essay reflects on the scepticism pertaining to the provision of opportunities to programmers for interacting in hacking activities. The prolific arguments drawn forward in support of the involvement of programmers in hacking activities could be negated on grounds of apprehensions related to the unethical application of hacking techniques to utilize the information in malicious initiatives (Stahl, 2016).

Conclusion:

The essay provided an illustration of the possible advantages that could be derived from the participation of programmers in hacking activities and the possible disadvantages that could deter the ethical implications of hacking. It can be concluded from the essay that the programmers should be supervised appropriately after acquisition of hacking competences in order to ensure ethical application of the skills.  

References 

Abernethy, A.P., Durham, N.C., Yu, P.P. and Shulman, L.N., 2013. Improving Cancer Care through Health Information Technology: Ethics and Practicality.

Altmann, J., Asaro, P., Sharkey, N. and Sparrow, R., 2013. Armed military robots: editorial. Ethics and Information Technology, 15(2), pp.73-76.

Burmeister, O.K., 2016. The development of assistive dementia technology that accounts for the values of those affected by its use. Ethics and Information Technology, 18(3), pp.185-198.

Elder, A., 2014. Excellent online friendships: An Aristotelian defense of social media. Ethics and Information Technology, 16(4), pp.287-297.

Garcia, C.M., 2014. Information Technology Ethics-The Future of Our Jesuit Education. Jesuit Higher Education: A Journal, 3(2), p.4.

Goda, B., Riemenschneider, C. and Renwick, J., 2016, September. Panel Discussion: Teaching Ethics in the Information Technology Curriculum. In Proceedings of the 17th Annual Conference on Information Technology Education (pp. 65-65). ACM.

Goodman, K.W. and Meslin, E.M., 2014. Ethics, information technology, and public health: duties and challenges in computational epidemiology. In Public Health Informatics and Information Systems (pp. 191-209). Springer London.

Harada, E. and Watanabe, Y., 2016. Social skills training including education on information technology ethics. International Journal of Psychology, 51, p.494.

Harrison, T., 2015. Virtuous reality: moral theory and research into cyber-bullying. Ethics and Information Technology, 17(4), pp.275-283.

Hew, P.C., 2016. Preserving a combat commander’s moral agency: The Vincennes Incident as a Chinese Room. Ethics and Information Technology, 18(3), pp.227-235.

Johnson, J.A., 2014. From open data to information justice. Ethics and Information Technology, 16(4), p.263.

Kerven, D. and Meso, P., 2016. Adding a Student Research Component to an Information Technology Ethics Course.

Sar, R.K. and Al-Saggaf, Y., 2014. Contextual integrity’s decision heuristic and the tracking by social network sites. Ethics and Information Technology, 16(1), pp.15-26.

Stahl, T., 2016. Indiscriminate mass surveillance and the public sphere. Ethics and Information Technology, 18(1), pp.33-39.

van der Sloot, B., 2016. Special Issue: Privacy, ethics and information technology Introduction.

Woolley, D.J., 2015. The association of moral development and moral intensity with music piracy. Ethics and Information Technology, 17(3), pp.211-218.