The Importance of Ethical Conduct by Penetration Testers in the Age of Breach Disclosure Laws.
AbstractAcross the globe, there has been a noticeable increase in the adoption of breach disclosure laws that are designed to protect the privacy of individuals. To validate the security controls implemented by an organisation to protect sensitive data, penetration testers are often engaged to test the security of information systems and to report any vulnerabilities. Using an interpretivist, constructivist approach, this article reports on a pilot study that compares USA and Australian approaches to ethical hacking. The need for regulation of ethical hacking to help protect organisations from unethical conduct was a recurring theme. With the changes in privacy regulations across the world, unauthorised disclosure of personal and privileged information could result in significant consequences. This paper explores the importance of ethical conduct by penetration testers based on empirical research and the potential for misuse of information.
AJIS publishes open-access articles distributed under the terms of a Creative Commons Non-Commercial and Attribution License which permits non-commercial use, distribution, and reproduction in any medium, provided the original author and AJIS are credited. All other rights including granting permissions beyond those in the above license remain the property of the author(s).