The Importance of Ethical Conduct by Penetration Testers in the Age of Breach Disclosure Laws.

Georg Thomas, Oliver Burmeister, Gregory Low

Abstract


Across the globe, there has been a noticeable increase in the adoption of breach disclosure laws that are designed to protect the privacy of individuals. To validate the security controls implemented by an organisation to protect sensitive data, penetration testers are often engaged to test the security of information systems and to report any vulnerabilities. Using an interpretivist, constructivist approach, this article reports on a pilot study that compares USA and Australian approaches to ethical hacking. The need for regulation of ethical hacking to help protect organisations from unethical conduct was a recurring theme. With the changes in privacy regulations across the world, unauthorised disclosure of personal and privileged information could result in significant consequences. This paper explores the importance of ethical conduct by penetration testers based on empirical research and the potential for misuse of information.

Keywords


Penetration Testing; Ethics; Privacy legislation; Data Misuse; privacy

Full Text:

PDF


DOI: http://dx.doi.org/10.3127/ajis.v23i0.1867

License URL: https://creativecommons.org/licenses/by-nc/3.0/au/

Creative Commons License
ISSN: Online: 1326-2238 Hard copy: 1449-8618
This work is licensed under a Creative Commons Attribution-NonCommercial Licence. Uses the Open Journal Systems. Web design by TomW.