Ethical Hazards and Safeguards in Penetration Testing

Penetration testing entails attacking a system to identify and report insecurity, but doing so without harming the system nor encroaching on the dignity of those affected by it. To improve the interaction between penetration testers and their processes and technology, we need to understand the factors that affect decisions they make with ethical import. This paper presents four ethical hazards faced by penetration testers, and three safeguards that address them. We also present preliminary results validating the hazards and safeguards.

REFERENCES

J. M. CorbinA. L. Strauss 2008 Basics of qualitative research: techniques and procedures for developing grounded theory 3rd ed. Sage Publications, Inc
S. Faily 2016 May CAIRIS web site. http://cairis.org
S. FailyI. Fléchais 2011 Persona cases: a technique for grounding personas. In Proceedings of the 29th international conference on Human factors in computing systems, CHI ’11 2267 2270 ACM
S. FailyI. Fléchais 2014 Eliciting and Visualising Trust Expectations using Persona Trust Characteristics and Goal Models. In Proceedings of the 6th International Workshop on Social Software Engineering, SSE 2014 17 24 ACM
S. FailyC. Iacob 2015 Ben and Matt: Penetration Tester Personas. http://cairis.org/ben_matt
S. FailyJ. McAlaneyC. Iacob 2015 Ethical Dilemmas and Dimensions in Penetration Testing. In Proceedings of the 9th International Symposium on Human Aspects of Information Security & Assurance 233 242 University of Plymouth
G. Klein 2007 Performing a project premortem. Harvard Business Review 85 9 18 19
L. LiuE. Yu 2004 April Designing information systems in social context: A goal and scenario modelling approach. Information Systems 29 2 187 203
F. MoutonM. M. MalanK. K. KimppaH. Venter 2015 Necessity for ethics in social engineering research. Computers & Security 55 114 127
G. MussbacherS. GhanavatiD. Amyot 2009 Modeling and Analysis of URN Goals and Scenarios with jUCMNav. In Proceedings of the 2009 17th IEEE International Requirements Engineering Conference, RE, RE ’09 Washington, DC, USA 383 384 IEEE Computer Society
S. G. Pendse 2011 Ethical Hazards: A Motive Means, and Opportunity Approach for Curbing Corporate Unethical Behavior Journal of Business Ethics 107 3 265 279

Author and article information

Contributors

Shamal Faily

Claudia Iacob

Sarah Field

Conference

Publication date: July 2016

Publication date (Print): July 2016

Pages: 1-3

Affiliations

[0001]Bournemouth University

Poole, UK

[0002]University of Portsmouth

Portsmouth, UK

[0003]MWR InfoSecurity

Basingstoke, UK

Article

DOI: 10.14236/ewic/HCI2016.83

SO-VID: 5da19af2-054e-4699-bdf4-f9e939fc203a

License:

This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

Conference name: Proceedings of the 30th International BCS Human Computer Interaction Conference

Conference acronym: HCI

Conference number: 30

Conference location: Bournemouth University, Poole, UK

Conference date: 11 - 15 July 2016

Conference sponsor: Electronic Workshops in Computing (eWiC)

Conference theme: Fusion

History

Product

1477-9358 BCS Learning & Development

Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/HCI2016.83

Self URI (journal page): https://ewic.bcs.org/

Comments

Comment on this article

[1] J. M. CorbinA. L. Strauss 2008 Basics of qualitative research: techniques and procedures for developing grounded theory 3rd ed. Sage Publications, Inc

[2] S. Faily 2016 May CAIRIS web site. http://cairis.org

[3] S. FailyI. Fléchais 2011 Persona cases: a technique for grounding personas. In Proceedings of the 29th international conference on Human factors in computing systems, CHI ’11 2267 2270 ACM

[4] S. FailyI. Fléchais 2014 Eliciting and Visualising Trust Expectations using Persona Trust Characteristics and Goal Models. In Proceedings of the 6th International Workshop on Social Software Engineering, SSE 2014 17 24 ACM

[5] S. FailyC. Iacob 2015 Ben and Matt: Penetration Tester Personas. http://cairis.org/ben_matt

[6] S. FailyJ. McAlaneyC. Iacob 2015 Ethical Dilemmas and Dimensions in Penetration Testing. In Proceedings of the 9th International Symposium on Human Aspects of Information Security & Assurance 233 242 University of Plymouth

[7] G. Klein 2007 Performing a project premortem. Harvard Business Review 85 9 18 19

[8] L. LiuE. Yu 2004 April Designing information systems in social context: A goal and scenario modelling approach. Information Systems 29 2 187 203

[9] F. MoutonM. M. MalanK. K. KimppaH. Venter 2015 Necessity for ethics in social engineering research. Computers & Security 55 114 127

[10] G. MussbacherS. GhanavatiD. Amyot 2009 Modeling and Analysis of URN Goals and Scenarios with jUCMNav. In Proceedings of the 2009 17th IEEE International Requirements Engineering Conference, RE, RE ’09 Washington, DC, USA 383 384 IEEE Computer Society

[11] S. G. Pendse 2011 Ethical Hazards: A Motive Means, and Opportunity Approach for Curbing Corporate Unethical Behavior Journal of Business Ethics 107 3 265 279

Studying business & IT? Drive your professional career forwards with BCS books - for a 20% discount click here: shop.bcs.org