Abstract
The threats in cyberspace materialize big digital security threats for any organization. New computer incidents are permanently reported, visualizing the advanced technical skills of cybercriminals and the cybersecurity professionals’ response limitations. Most expensive digital security products are based on the treatment of known threats and are vulnerable to new threats known as zero-day attacks. Likewise, the human factor continues to be one of the main weaknesses when deploying IT security strategies and policies. In this way the tests or computer penetration tests are one of the most appropriate techniques to know and establish digital security mechanisms according to each organization. Therefore, the present work analyzes international standards to carry out computer vulnerability tests and proposes a methodology of ethical hacking under the postulates of gratuity and resources availability. Suggestions on the scalability of cybersecurity strategies are presented at the end of the document, considering that each organization is different and requires adaptability in the use of the available infrastructure to manage known and unknown digital risks.
IRETE’s research is based on the management that must be carried out in the creation, distribution and appropriation of knowledge, through the methodology that guides the assurance of information through the PenTESTING phases. Likewise, it proposes a process that integrally integrates the collection of information from any operating system, indicating that IRETE generates information more simply and accurately from the inspection, track, examination, testing and exfiltration phases. IRETE presents a complete methodology to approach the knowledge management of a vulnerable system, which allows an in-depth review of the factors that affect the handling of information.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Gibson, W.: Neuromancer. ACE, New York (1984)
Choi, K.-S., Toro-Alvarez, M.M.: Cibercriminología: Guía para la investigación del cibercrimen y mejores prácticas en seguridad digital. Bogotá: Fondo Editorial UAN (2017)
Choi, K.: Cybercriminology and Digital Investigation. LFB Scholarly Publishing LLC, El Paso. TX (2015)
RedCiber: Diagnóstico del cibercrimen, delitos informáticos y comportamiento desviado en el ciberespacio en Colombia. Bogotá: RedCiber (2018)
Shoemaker, D., Kennedy, D.: Criminal profiling and cyber-criminal investigations. In: Schmalleger, F., Pittaro, M. (eds.) Crimes of the Internet, pp. 456–476. Prentice Hall, Upper Saddle River, NJ (2009)
Choi, K.: Risk Factors in Computer-Crime Victimization. LFB Scholarly Publishing, El Paso, TX (2014)
IC3: Annual Report on Internet Crime 2004. Internet Crime Complaint Center. Recuperado el 15 de Agosto, 2015 de (2005). https://www.ic3.gov/media/annualreports.aspx
IC3: Internet Crime Report. Internet Crime Complaint Center. Recuperado el 15 de Agosto, 2015 de (2009). www.nw3c.org/docs/downloads/2008_ic3_annual-report_3_27_09_small.pdf
IC3: Annual Report on Internet Crime Released. Internet Crime Complaint Center. Identity Theft 2013 Bureau of Justice Statistics. U.S. Government Printing Office (2014)
IC3: Annual Report on Internet Crime Released. Internet Crime Complaint Center. Identity Theft 2014 Bureau of Justice Statistics. U.S. Government Printing Office (2015)
Toro-Alvarez, M.M.: Programa de entrenamiento integral de prevención y contención del cibercrimen contra niños, niñas y adolescentes. Bogotá. Escuela de Postgrados de Policía (ESPOL) (2018)
APWG: The Global Phishing Survey. Anti-Phishing Working Group. Recuperado el 1 de mayo, 2010 (2009)
Barber, R.: Hackers profiled: ¿Who are they and what are their motivations? Comput. Fraud Secur. 2001(2), 14–17 (2001). https://doi.org/10.1016/S1361-3723(01)02017-6
Comando de entrenamiento y doctrina del ejército estadounidense: DCSINT Handbook No. 1.02, Critical Infrastructure Threats and Terrorism. Recuperado el 10 de agosto, 2010, de (2006). https://fas.org/irp/threat/terrorism/sup2.pdf
García, L.E., Gómez, C.P., Cortés, Y.L.: Policing Strengthen for knowledge society challenges: Series 1-Policing Beliefs, 11, December, 2018. Technical report PSKSC-S1-20181211, p. 14 (2018). https://doi.org/10.13140/RG.2.2.23479.57766. https://www.researchgate.net/publication/329574001_Policing_Strengthen_for_knowledge_society_challenges_Series_1-Policing_Beliefs
Valdez, A.: OSSTMM 3. RITS. Revista de Inf. Tecnol. y Soc. 8, 29–30 (2013)
NIST: Special publication 800-42. Computer security resource center. Disponible en (2003). https://csrc.nist.gov/publications/detail/sp/800/final
NIST: Federal guidelines for searching and seizing computers, Recommendations of the National Institute of Standards and Technology. National Institute of Standards and Technology. Recuperado el 23 de marzo, 2015, de (2006). http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-86.pdf
Symantec: Corporate profile. Recuperado el 1 de mayo, 2010, de (2016). http://www.symantec.com/about/profile/index.jsp
Liu, B., Shi, L., Cai, Z., Li, M.: Software vulnerability discovery techniques: a survey. In: Multimedia Information Networking and Security (MINES), 2012 Fourth International Conference on, pp. 152–156, IEEE, November, 2012
Microsoft: Microsoft, the FBI, Europol and industry partners disrupt the notorious ZeroAccess botnet. Microsoft News Center. Recuperado de (2013). https://news.microsoft.com/2013/12/05/microsoft-the-fbi-europol-and-industry-partners-disrupt-the-notorious-zeroaccess-botnet/
Motta, D., Toro-Alvarez, M.M.: Social innovation articulators to counter threats to public safety (2017). https://doi.org/10.22335/rlct.v8i2.315
Wilson, C.: Computer Attack and Cyberterrorism: Vulnerabilities and policy issues for Congress, Congressional Research Service Report for Congress (2005)
De La Espriella, L., García, J., Díaz-Piraquive, F.N.: La sextorsión: prácticas de ingeniería social en las redes sociales. In: “Desafíos en Ingeniería: Investigación Aplicada” Ediciones Fundación Tecnológica Antonio Arévalo TECNAR (2019)
Pineda, S., Matta, J., Torres, J., Díaz-Piraquive, F.N.: Blockchain: estrategia en la seguridad e integridad de los sistemas de información de la policía nacional. In: “Desafíos en Ingeniería: Investigación Aplicada” Ediciones Fundación Tecnológica Antonio Arévalo TECNAR (2019)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Diaz-Piraquive, F.N., Ortiz-Ruiz, E., González-Aragón, J.J., Avila-Bermeo, H.H., Parada-Jaimes, W.D. (2021). Knowledge Management Applied in the Comparative Study of the IRETE Intrusion Methodology to Access to the Computer Systems. In: Uden, L., Ting, IH., Wang, K. (eds) Knowledge Management in Organizations. KMO 2021. Communications in Computer and Information Science, vol 1438. Springer, Cham. https://doi.org/10.1007/978-3-030-81635-3_29
Download citation
DOI: https://doi.org/10.1007/978-3-030-81635-3_29
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-81634-6
Online ISBN: 978-3-030-81635-3
eBook Packages: Computer ScienceComputer Science (R0)