Abstract

A penetration test is a type of system security audit in which a hired individual or staff attempts to discover and exploit vulnerabilities in a system to gain access to sensitive information. This security audit exposes security risks and valuates losses in the event of an actual breach. The problem with penetration testing is that it is not centrally regulated with the necessary legal protections for such a high-risk activity. The purpose of this thesis is to explore the dangers of penetration testing without legal protections and argue for a government-sponsored regulatory agency, which would, through legislation, protect the interests of both penetration testers and their clients. In order to gain a better understanding of the importance of implementing this agency, several cases are presented where the ethical boundaries are pushed both in the realm of penetration testing itself and in similar activities. This helps to demonstrate that in cases of corporate white-collar crime, penetration testing can be, and is being, used as an avenue to espionage and other ethically immoral activities. Since penetration testing lacks criminal repercussions for abusing it, the art faces a higher risk of abuse by someone facing ethical corruption.

Semester/Year of Award

Fall 12-4-2015

Mentor

Robert C. Mahaney

Department/Professional Affiliation

Accounting, Finance, and Information Systems

Access Options

Restricted Access Thesis

Degree Name

Honors Scholars

Department

Computer Science
