Training information security professionals carries the risk of training ethical and malicious hackers side-by-side. This paper defines ethical hacking, differentiates it from malicious hacking, presents some of the ways that ethical hacking is taught, identifies some of the risks associated with this training, and concludes with suggestions on how to minimize these risks.

Introduction

The events of September 11, 2001, along with the ongoing war in Iraq, have caused a heightened interest in the field of Information Security. Visiting the computer section in a store such as Barnes and Noble reveals an increase in the number of books about Information Security. The National Security Agency is looking to increase the number of new hires by 1,500 per year for the next five years. Searching Internet job databases reveals new security positions that require professional security certifications. An Internet search using Google.com revealed 22 such certifications.

There has never been a time when it was easier to learn about hackers and their methods of operation. Many colleges now offer Information Security courses and degrees. It is clear that information security and hacking are buzzwords at present. The intent of information security training is to improve information security and to educate information security professionals, e.g., ethical hackers. However, providing this "knowledge" in readily available and encapsulated formats presents the hazard of educating not only ethical security professionals but also malicious hackers.

The link for this article located at ebcvg.com is no longer available.