Security professionals, tasked with protecting the information assets of an organization, typically think of their responsibilities in three realms: confidentiality, integrity, and availability (CIA). The adversaries/attackers, seeking to disrupt an organization’s security, have three corresponding goals in mind: disclosure, alteration, and denial (DAD). These models, are known as the CIA and DAD Figure-1 triads and are used by many security professionals around the world.
The CIA and DAD triads are classic models of information security principles.
Cybersecurity professionals use a well-known model to describe the goals of information security. The CIA triad, show in Figure-1. Includes the three main characteristics of information that cybersecurity programs seek to protect.
Attackers or Pentester, and therefore penetration testers, seek to undermine these goals and achieve three corresponding goals of their own. The attacker’s goals are known as the DAD triad Figure-1.
When we talk about Cybersecurity Professionals is necessary to keep in mind that they need to have known of concepts about security, technicals, and tools that are used day by day to defense and attack. That professional need to have mind-set of an Attacker or Pentester, a knowledge advanced about many kind attacks, as well as SQL Injection, Cross-Site Scripting (XSS), Cross-Site Scripting (XSS) Stored, Man-In-The-Middle (MITM), Brute-Force, Remote Code Execution, File Include, Directory or Path Traversal, Code Obfuscation, and more others concepts. The difference between that actors is the role that each one runs in an environment..
The infographics below show some roles of each team.
Below have some tools used to both professionals:-
Remote Access Tools
Credential Testing Tools
Social Engineering Tools