Penetration Testing Professional Ethics: a conceptual model and taxonomy
DOI:
https://doi.org/10.3127/ajis.v13i2.52
Keywords:
Penetration testing, computer security, computer ethics, ethics
Abstract
In an environment where commercial software is continually patched to correct security flaws, penetration testing can provide organisations with a realistic assessment of their security posture. Penetration testing uses the same principles as criminal hackers to penetrate corporate networks and thereby verify the presence of software vulnerabilities. Network administrators can use the results of a penetration test to correct flaws and improve overall security. The use of hacking techniques, however, raises several ethical questions that centre on the integrity of the tester to maintain professional distance and uphold the profession. This paper discusses the ethics of penetration testing and presents our conceptual model and revised taxonomy.
Published
2006-11-01
How to Cite
Pierce, J., Jones, A., & Warren, M. (2006). Penetration Testing Professional Ethics: a conceptual model and taxonomy. Australasian Journal of Information Systems, 13(2). https://doi.org/10.3127/ajis.v13i2.52
Issue
Section
Featured Themes
License
AJIS publishes open-access articles distributed under the terms of a Creative Commons Non-Commercial and Attribution License which permits non-commercial use, distribution, and reproduction in any medium, provided the original author and AJIS are credited. All other rights including granting permissions beyond those in the above license remain the property of the author(s).