Knowledge Management Applied in the Comparative Study of the IRETE Intrusion Methodology to Access to the Computer Systems

Abstract

The threats in cyberspace materialize big digital security threats for any organization. New computer incidents are permanently reported, visualizing the advanced technical skills of cybercriminals and the cybersecurity professionals’ response limitations. Most expensive digital security products are based on the treatment of known threats and are vulnerable to new threats known as zero-day attacks. Likewise, the human factor continues to be one of the main weaknesses when deploying IT security strategies and policies. In this way the tests or computer penetration tests are one of the most appropriate techniques to know and establish digital security mechanisms according to each organization. Therefore, the present work analyzes international standards to carry out computer vulnerability tests and proposes a methodology of ethical hacking under the postulates of gratuity and resources availability. Suggestions on the scalability of cybersecurity strategies are presented at the end of the document, considering that each organization is different and requires adaptability in the use of the available infrastructure to manage known and unknown digital risks. IRETE’s research is based on the management that must be carried out in the creation, distribution and appropriation of knowledge, through the methodology that guides the assurance of information through the PenTESTING phases. Likewise, it proposes a process that integrally integrates the collection of information from any operating system, indicating that IRETE generates information more simply and accurately from the inspection, track, examination, testing and exfiltration phases. IRETE presents a complete methodology to approach the knowledge management of a vulnerable system, which allows an in-depth review of the factors that affect the handling of information.