الفهرس 
List Of ContentsOnly 14 pages are availabe for public view
 |  | from | 146 |  |  |
| | | from | 146 | | |
Abstract
Regarding the huge spread of technology among individuals and enterprises, technologies and electronic communications become one of the most important pillars of the operation of small and large enterprises alike, and the source of education and entertainment for individuals, as well as interest in electronic warfare and its adoption as one of the weapons between countries and also between individuals and institutions, this led to thinking about the risks of reliance on this technology and the impact on the economic index of enterprises market, reputation and the safety of individuals and enterprises, these fears forced the experts and decision-makers to think about information security and develop new methods to measure and assess the level of protection of information and data in enterprises and privacy of individuals. This thesis introduces a comprehensive discussion and reviews analysis of recent cyber-security measuring and assessment methodologies and tools based on industry best practices for the measure and assesses of network security and protection of a modern enterprise data network. The analysis is based on studying the methods for the measurement and assessment of information security at the physical and technical level, penetration testing and identification of weaknesses in the cyber-security system are tested and compared, and policies used in modern enterprises. A comprehensive description of the strengths, weaknesses, and licensing conditions for each tool is presented. Moreover, major security requirements associated with modern enterprises is discussed and analyzed to discover a vulnerability in the existing systems and explain the potential impact of this vulnerability. This thesis presents a set of cyber security examination tools that were selected based on their prevalence, popularity, and availability of support elements from the information security and developer community, in the end, the thesis evaluated these tools in terms of accuracy metric by using samples of vulnerabilities derived from researchs and previous studies and conducting a penetration test for each tool, recording the results and comparing them with the actual results, then calculating the accuracy metric, which reaches 88% as in port scanning tools, 75% in vulnerability scanners, 57% in Network eavesdropping tools, 78% in database vulnerability scanners. In this thesis, an experiment was conducted on all the tools used to discover the vulnerability in the group of technical and physical security, extracting the results we got from these tools and explaining the consequences that could occur when exploiting these results, as well as one of the most important results obtained, the results of the Social engineering test that has been implemented on individuals, explain how individuals or institutions penetrate through social engineering. This thesis also clarifies the most important recommendations drawn from the experiments that have been conducted and the results obtained. These proposed recommendations reduce the chances of exploiting the discovered vulnerabilities and also reduce their impact if they are exploited. One of the most important recommendations in this thesis was to focus on training the human element on the security risks facing them and the extent of their impact on them and institutions, and how to confront them and not fall into them.