Ethical Hacking is a proactive approach to Information Security. It consists of testing the reliability, integrity and security of your computer system or network using the methodologies of real hackers. This approach can be perfectly combined with a corporate DLP (Data Leakage Prevention) system.
Ethical hacking is a generic term that covers different security services such as Penetration Tests. A Penetration Test is a simulation of various types of hacker attacks on a corporate network, ERP system, SCADA system, e-banking portal, corporate website, server, wireless network or device, notebook or even a mobile phone.
Penetration Testing is divided into three main groups: Internal Penetration Testing (performed from a company's internal network), External Penetration Testing (performed from the Internet or an external network) and Hybrid Penetration Testing (a combination of the internal and external ones, for example an attack launched from a stolen portable computer or mobile device).
Various Penetration Testing methodologies exist; the best known are Black Box, White Box and Grey Box. Different Penetration Testing standards are represented by PCI DSS, OWASP, LPT, OSSTMM and other world-recognized standards.
Another security service is the Security Audit, which is less intrusive than a Penetration Test and consists of scientific and administrative approaches to information security. During a Security Audit, certified security analysts collaborate with the client's IT department and act like auditors, not like hackers. Security Auditing is a more formal approach to corporate IT Risk Management.
Various security certifications exist for Ethical Hacking companies and certified security experts; the best known are EC-Council Licensed Penetration Tester, EC-Council Computer Hacking Forensic Investigator, EC-Council Certified Ethical Hacker, EC-Council Certified Security Analyst, ISC2 Certified Information Systems Security Professional (CISSP) and Certified Information Security Auditor (CISA).
Information Security companies that offer ethical hacking, information risk management, source code review, post-incident forensics, malware analysis, security training, ISO 27001 certifications, security consulting, vulnerability scanning and management should hold such certifications.
Regular use of Ethical Hacking services significantly reduces your corporate information security risks and prevents your corporate PCs from becoming zombies in various botnets, sending spam or performing DDoS attacks.
Ethical Hacking in Switzerland was introduced by ilionsecurity.ch in 2002.