A penetration test is a type of system security audit in which a hired individual or staff attempts to discover and exploit vulnerabilities in a system to gain access to sensitive information. This security audit exposes security risks and puts a value on the losses that would follow an actual breach. The problem with penetration testing is that it is not centrally regulated and lacks the legal protections that such a high-risk activity requires. The purpose of this thesis is to explore the dangers of penetration testing without legal protections and to argue for a government-sponsored regulatory agency, which would, through legislation, protect the interests of both penetration testers and their clients. To give a better understanding of the importance of implementing this agency, several cases are presented in which ethical boundaries are pushed, both in penetration testing itself and in similar activities. These cases help to demonstrate that, in cases of corporate white-collar crime, penetration testing can be, and is being, used as an avenue to espionage and other unethical activities. Because abusing penetration testing carries no criminal repercussions, the art faces a higher risk of abuse by someone facing ethical corruption.
Semester/Year of Award
Robert C. Mahaney
Accounting, Finance, and Information Systems
Restricted Access Thesis
Witten, Christopher, "Penetration Testing with Respect to the Law" (2015). Honors Theses. 268.