In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Twelfth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018)
Title: POINTER: A GDPR-Compliant Framework for Human Pentesting (for SMEs)
Author(s): Jacqueline Archibald, Karen Renaud
Keywords: Penetration testing; Privacy Preservation; SME; GDPR
Abstract: Penetration tests have become a valuable tool in any organisation’s arsenal, in terms of detecting vulnerabilities in their technical defences. Many organisations now also “penetration test” their employees, assessing their resilience and ability to repel human-targeted attacks. There are two problems with current frameworks: (1) few of these have been developed with SMEs in mind, and (2) many deploy spear phishing, thereby invading employee privacy, which could be illegal under the new European General Data Protection Regulation (GDPR) legislation. We therefore propose the PoinTER (Prepare TEst Remediate) Human Pentesting Framework. We subjected this framework to expert review and present it to open a discourse on the issue of formulating a GDPR- compliant Privacy-Respecting Employee Pentest for SMEs.
Download count: 523
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.