AIS Homework

I believe it is important IT governance committees are compromised of top level managers because of the competence of the personnel. You do not want just anyone on the street coming in and working in your IT department. Top level managers are usually giving their roles because they are able to lead and no their job well. Managers would be able to feel out who s suitable for the position for the IT department rather than just one person in the IT department getting someone the job just because they know them. I believe a group of top managers who agree on someone to be a integral part of the IT department would have a better chance of finding the right people for the job rather than just a regular manager.
54. (SO 2) Using a search engine, look up the term “penetration testing.” Describe the software tools you find that are intended to achieve penetration testing. Describe the types of systems that penetration testing is conducted upon.
The software tools that I was able to find were:
Metasploit is an open source platform for developing and testing exploits. It's available for both Unix and Windows systems. This is a far more advanced tool than the others on this list, and requires more programming knowlege to run and use. The advantage is that a specific exploit can be fully demonstrated to exist, rather than noted as a potential vulnerability. This platform runs payloads, shellcode, and remote shells--you will actually penetrate the target. Servers can and will crash!
Nessus -Tenable Network Security offers Nessus as a free scanner for non-commercial use, with a subscription license required for commercial organizations. Nessus has long been a favorite vulnerability scanner for people due to its speed, accuracy, and depth. Large vulnerability libraries can mean long times for scans. Currently there are over 28K plugins available, with automatic updates possible for new plugins. Nessus 4 is one of the fastest scanners used.
Nikto is an Open Source web server