IDEAS home Printed from https://ideas.repec.org/a/gam/jsusta/v15y2023i13p10471-d1185857.html

Penetration Taxonomy: A Systematic Review on the Penetration Process, Framework, Standards, Tools, and Scoring Methods

Author

Listed:
  • Kamal Uddin Sarker

    (Informatics, FTKKI, Universiti Malaysia Terengganu, Kuala Terengganu 21030, Malaysia)

  • Farizah Yunus

    (Informatics, FTKKI, Universiti Malaysia Terengganu, Kuala Terengganu 21030, Malaysia)

  • Aziz Deraman

    (Informatics, FTKKI, Universiti Malaysia Terengganu, Kuala Terengganu 21030, Malaysia)

Abstract

Cyber attackers are becoming smarter, and new attacks appear in cyberspace every day. Security issues grow more complex and critical as advanced technologies increase the number of services and subscribers. To maintain a secure environment, cyber professionals recommend that security experts review an organization's information security posture regularly, a practice known as penetration testing. A pen tester executes a penetration test of an organization according to established frameworks and standardization guidelines. The pen-test team identifies security breaches of the system, loopholes in the OS or applications, network vulnerabilities, and weaknesses in the scope of data integration, and suggests appropriate remediation. The main aim of a penetration process is to fix vulnerabilities in tangible and intangible resources before an attack occurs. This review first clarifies the concept of penetration testing and then presents a taxonomy of penetration domains, frameworks, standards, tools, and scoring methods. It compares the aforementioned items and derives guidelines for selecting an appropriate item set for the penetration process according to the organization's requirements. The paper ends with constructive observations, a discussion of recent penetration-testing trends, and the scope of future research.

Suggested Citation

  • Kamal Uddin Sarker & Farizah Yunus & Aziz Deraman, 2023. "Penetration Taxonomy: A Systematic Review on the Penetration Process, Framework, Standards, Tools, and Scoring Methods," Sustainability, MDPI, vol. 15(13), pages 1-26, July.
  • Handle: RePEc:gam:jsusta:v:15:y:2023:i:13:p:10471-:d:1185857

    Download full text from publisher

    File URL: https://www.mdpi.com/2071-1050/15/13/10471/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/2071-1050/15/13/10471/
    Download Restriction: no


    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Nur Afiqah Md Amin & Nurul Iffah Ghazali & Nurul Najihah Hassan & Nur Aisyah Ramlan & Nur Maisara Sofea Abdul Rahman & Sarah Lailatulhuda Sharifudin, 2024. "Cyber-Laundering and Its Impacts on Auditors: A Conceptual Paper," Accounting and Finance Research, Sciedu Press, vol. 13(2), pages 1-24, May.
    2. Alessandro Mazzoccoli, 2023. "Optimal Cyber Security Investment in a Mixed Risk Management Framework: Examining the Role of Cyber Insurance and Expenditure Analysis," Risks, MDPI, vol. 11(9), pages 1-14, August.
    3. Monaco, Roberto & Bergaentzlé, Claire & Leiva Vilaplana, Jose Angel & Ackom, Emmanuel & Nielsen, Per Sieverts, 2024. "Digitalization of power distribution grids: Barrier analysis, ranking and policy recommendations," Energy Policy, Elsevier, vol. 188(C).
    4. Hamed Taherdoost, 2022. "Understanding Cybersecurity Frameworks and Information Security Standards—A Review and Comprehensive Overview," Post-Print hal-03741855, HAL.
    5. Hamed Taherdoost, 2022. "Understanding Cybersecurity Frameworks and Information Security Standards—A Review and Comprehensive Overview," Post-Print hal-03741854, HAL.


    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.