Abstract
Vulnerability assessment and penetration testing are the key activities of information security risk management and cyber defense and intelligence done by military organizations. These activities are significant not only in the context of performing military operations, but also in the Inter national Humanitarian Law (IHL) and law enforcement contexts. The application of information technologies in the military and civilian environments increases complexity in the field of risk management. Besides in formation security, military organizations have the task to undertake necessary activities in the fields of cyber operations, both for defense and offense purposes. They depend on technologically based knowledge and skills and are implemented by specific organizations within military systems. The goal of vulnerability assessment is to discover and determine the nature of vulnerabilities, without considering how they may be used for offense, while penetration testing uses exploits for breaching into systems and thus estimates the type and degree of risk these vulnerabilities represent to the system. However, even if they represent two different activities, with different end goals but the same field of interest, they are complimentary and inter-dependent. Since their common feature is development of knowledge and skills based on the same technologies, they are equally important both for risk management, military operations in cyberspace and their use for defense and intelligence activities as well as for IHL.
Highlights
Significance and influence of information technologies in all modern organizational and technical systems is obvious and ever growing
Vulnerability assessment and penetration testing are a central part of all defensive and offensive military activities in cyberspace. They are a key part of a comprehensive process of risk management, without which compliance requirements of any information organization system cannot be achieved
Vulnerability assessment and penetration testing are primarily oriented to information technologies and the way people interact with them
Summary
Significance and influence of information technologies in all modern organizational and technical systems is obvious and ever growing. Military organizations require application of reliable and efficient technical systems for performance of their basic function – defense, both in peace time and during war In modern armies, such characteristics are mostly enabled by the application of independent and embedded information technologies. The information domain consists of physical, information (including logical), and cognitive dimensions or layers (U.S Army Joint Staff, 2014) This means that within the complete cyberspace there are different factors and elements which perform activities and they represent the basis of the cyberspace infrastructure: people, hardware, software, environment, power, networks, payload, and policy (Rauscher, 2004). There is a frequent situation where military forces of foreign governments can attack private companies in other countries, like in the case of Sony (Nakashima, 2014), or that the biggest countries can take legal and political measures against individuals as U.S President Obama ordered in April 2015 (Executive Order: Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities) (Obama, 2015).The consequence of this is increasing the number of potential conflicting actors and extremely complex conflict environments
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
