Ethical Overflow - A new focus on Cyber Security

Ethical Hacking - Salaries and trend.

    A survey done by the International Data Corp (IDC) says that the worldwide demand for information security professionals stands at 60,000 and companies such as Wipro, Infosys, IBM, Airtel and Reliance are always looking for good ethical hackers.

    In the United Kingdom, the following trends have been seen for demand and salaries of ethical hackers.

    The above chart provides the 3-month moving total beginning in 2004 of permanent IT jobs citing Ethical Hacking within the UK as a proportion of the total demand within the Processes & Methodologies category [8].

    The above chart provides the 3-month moving average for salaries beginning in 2004 of permanent IT jobs citing Ethical Hacking within the UK [8].

    The average salary for an ethical hacker in the United Kingdom is approximately 56,000 pounds which is approximately CAN$102,000[8].

    Controversy

    Although there are benefits to teaching and employing ethical hacking techniques, there are problems that lead some to question the practice. It is feared that schools may be teaching dangerous skills to students that are unable to make correct decisions on how to use them.

    Marcus J. Ranum, a computer security professional has openly objected to the term ethical hacker, saying "There's no such thing as an 'ethical hacker' - that's like saying 'ethical rapist' - it's a contradiction in terms" [9]. A significant part of the controversy surrounding ethical hacking arises from the older definition of hacker and its association with the idea of a computer criminal. However, some organizations do not seem to mind the association and have had a significant increase in careers where CEH and other ethical hacking certifications are preferred or required.

    Ethical Issues

    One of the concerns about teaching ethical hacking is that the wrong people may be taught very dangerous skills. Hacking skills were traditionally acquired by many hours of practice or intense tutoring from another hacker. University programs and commercial training classes are now offering a new way for aspiring hackers to learn how to penetrate systems. Teaching students how to attack systems without providing ethical training may be teaching criminals and terrorists how to pursue their illegal activities. Some individuals have compared teaching ethical hacking to undergraduate students to handing them a loaded gun [10].

    Legal Liability

    Adding ethical hacking to a curriculum raises a variety of legal issues where schools and faculty members may be held responsible for the actions of their students. The use of many hacking tools outside of an isolated test network may be illegal. By allowing unmonitored hacking sessions, the school or faculty member may be allowing a breach of the law or violation of software licensing agreements. In a case of The United States versus Morris, a judge determined that the Computer Fraud and Misuse Act (18 USC 1030) applies to educational institutions and that an individual is liable for the accidental release of malware. The schools that facilitated the creation of malware would be liable for damages from malware released from their labs [10].

    Forcing Services and Information on Organizations and Society

    Sometimes ethical hackers operate without the permission or knowledge of the owners of a system. The rationale given for this is that they are only testing security and do not intend to cause damage or compromise any individual’s privacy. However, ethical hackers may be able to uncover information about Web sites and applications that the owners of these sites and applications do not want uncovered. The situation is compared to finding a note on your refrigerator informing you that "I was testing the security of back doors in the neighborhood and found yours unlocked. I just looked around. I didn't take anything. You should fix your lock." This situation is what leads to the necessity for a proper test plan and strict guidelines for following it [10].