Virtuous human hacking: The ethics of social engineering in penetration-testing

@article{Hatfield2019VirtuousHH,
  title={Virtuous human hacking: The ethics of social engineering in penetration-testing},
  author={Joseph M. Hatfield},
  journal={Comput. Secur.},
  year={2019},
  volume={83},
  pages={354-366}
}
First broad and systematic horizon scanning campaign and study to detect societal and ethical dilemmas and emerging issues spanning over cybersecurity solutions
TLDR
The results of a horizon scanning study aimed at identifying the ethical and human rights dilemmas that may arise in relation to cybersecurity and cybercrime are presented; in the paper, the identified “weak signals” have been presented.
Hidden and forbidden: conceptualising Dark Knowledge
The purpose of this paper is to introduce the concept of Dark Knowledge, an epistemology that acknowledges both alternative knowledge and ways of knowing which are cognizant of the moral and ethical
Development and Psychometric Analysis of Cyber Ethics Instrument (CEI)
TLDR
A new instrument for assessing cyber ethics, the cyber ethics instrument (CEI), was developed and its psychometric properties validated, establishing the viability of CEI for measuring cyber ethics.
Scanning the Resilience of an Organization Employees to Social Engineering Attacks Using Machine Learning Technologies
  • L. Astakhova, I. Medvedev
  • Computer Science
    2020 Ural Symposium on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT)
  • 2020
TLDR
The paper presents the results of the development and implementation of an economical tool for internal testing of an organization’s employees, with the aim of increasing their resistance to social engineering attacks of various types and forms, and substantiates the possibility of solving the problem using machine learning technologies.
Testing for Security Weakness of Web Applications using Ethical Hacking
  • R. S. Devi, M. Kumar
  • Computer Science
    2020 4th International Conference on Trends in Electronics and Informatics (ICOEI)(48184)
  • 2020
TLDR
In a comparison of results from the Nikto and ZAP tools, the Nikto tool identified more vulnerabilities than ZAP, which is a sign of openness and flaws in networks and web applications using penetration testing to protect the institutions from cyber threats.
Exploiting organisational vulnerabilities as dark knowledge: conceptual development from organisational fraud cases
Purpose This paper aims to assert that knowledge of organisational weaknesses, vulnerabilities and compromise points (here termed “dark knowledge”), is just as critical to organisational integrity
Best Practices and Recommendations for Cybersecurity Service Providers
TLDR
This chapter outlines some concrete best practices and recommendations for cybersecurity service providers, with a focus on data sharing, data protection and penetration testing, and discusses data handling policies and practices of cybersecurity vendors along the following five topics.
Social engineering in the context of ensuring information security
TLDR
The matrix of social engineering qualification criteria and the map of information security risks caused by social engineer actions were built.
An Information Tool for Increasing the Resistance of Employees of an Organization to Social Engineering Attacks
TLDR
The results of the development of a resilience scanner, a software application for testing employees of an organization to increase their resilience to attacks of social engineering, are described and its multifunctionality is shown.

References

SHOWING 1-10 OF 40 REFERENCES
Technoethical Inquiry into Ethical Hacking at a Canadian University
TLDR
A scarcity within the organizational communication literature on ethical hacking was addressed, pointing to the need to expand the communicative and sociocultural considerations involved in decision making about ethical hacking organizational practices, and to security awareness training to leverage sensemaking opportunities and reduce equivocality.
Critical Theory as an Approach to the Ethics of Information Security
TLDR
The paper argues that critical theory has intrinsic links to ethics and that it is possible to identify concepts frequently used in critical theory to pinpoint ethical concerns, and demonstrates that a critical lens can highlight issues that traditional ethical theories tend to overlook.
Social engineering from a normative ethics perspective
TLDR
The identified ethical concerns with regards to two different normative ethics approaches namely utilitarianism and deontology are discussed and practical examples of where these formalised ethical concerns for social engineering research can be utilised are provided.
Anticipatory Ethics for a Future Internet: Analyzing Values During the Design of an Internet Infrastructure
TLDR
This paper systematically examines values expressed by an Internet architecture engineering team—the Named Data Networking project—based on data gathered from publications and internal documents, which reveals both values invoked in response to technical constraints and possibilities, such as efficiency and dynamism.
Lost in cyberspace: ethical decision making in the online environment
In this study, a 20-item questionnaire was used to elicit undergraduates’ (N = 93) ethical judgment and behavioral intention regarding a number of behaviors involving computers and internet usage.
Who Regulates Ethics in the Virtual World?
This paper attempts to give an insight into emerging ethical issues due to the increased usage of the Internet in our lives. We discuss three main theoretical approaches relating to the ethics
Designing ethical phishing experiments
TLDR
An overview of the review process used by IRBs, an outline of the section of the federal regulations that provide the circumstances where aspects of the informed consent process can be waived, and the process of designing and analyzing phishing experiments in an ethical manner are outlined.
Ethical Considerations when Employing Fake Identities in Online Social Networks for Research
TLDR
A taxonomy of the ethical challenges facing researchers of OSNs is presented and several possible approaches are offered to reduce or avoid ethical misconduct.