Refining the PoinTER “human firewall” pentesting framework-Reference-Cited by-同舟云学术

Refining the PoinTER “human firewall” pentesting framework

Published:2019-06-20 Issue:4 Volume:27 Page:575-600
ISSN:2056-4961
Container-title:Information & Computer Security
language:en
Short-container-title:ICS

Author:

Archibald Jacqueline M.,Renaud Karen

Abstract

Purpose Penetration tests have become a valuable tool in the cyber security defence strategy in terms of detecting vulnerabilities. Although penetration testing has traditionally focussed on technical aspects, the field has started to realise the importance of the human in the organisation, and the need to ensure that humans are resistant to cyberattacks. To achieve this, some organisations “pentest” their employees, testing their resilience and ability to detect and repel human-targeted attacks. In a previous paper, the authors reported on PoinTER (Prepare TEst Remediate), a human pentesting framework, tailored to the needs of SMEs. This paper aims to propose improvements to refine the framework. The improvements are based on a derived set of ethical principles that have been subjected to ethical scrutiny Design/methodology/approach The authors conducted a systematic literature review of academic research, a review of actual hacker techniques, industry recommendations and official body advice related to social engineering techniques. To meet the requirements to have an ethical human pentesting framework, the authors compiled a list of ethical principles from the research literature which they used to filter out techniques deemed unethical. Findings Drawing on social engineering techniques from academic research, reported by the hacker community, industry recommendations and official body advice and subjecting each technique to ethical inspection, using a comprehensive list of ethical principles, the authors propose the refined GDPR-compliant and privacy respecting PoinTER framework. The list of ethical principles, as suggested, could also inform ethical technical pentests. Originality/value Previous work has considered penetration testing humans, but few have produced a comprehensive framework such as PoinTER. PoinTER has been rigorously derived from multiple sources and ethically scrutinised through inspection, using a comprehensive list of ethical principles derived from the research literature.

Publisher

Emerald

Subject

Management of Technology and Innovation,Information Systems and Management,Computer Networks and Communications,Information Systems,Software,Management Information Systems

Reference122 articles.

1. An overview of social engineering malware: trends, tactics, and implications;Technology in Society,2010

2. Social engineering threats and applicable countermeasures;African Journal of Computing and ICT,2015

3. AL-Hamar, M. (2010), “Reducing the risk of e-mail phishing in the state of Qatar through an effective awareness framework”, Doctoral Thesis, Loughborough University.

4. Alvarez, E. (2014), “Sony pictures hack: the whole story”, available at: www.engadget.com/2014/12/10/sony-pictures-hack-the-whole-story/

Cited by 7 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Application of Computer Security Management in Internet Finance;2023 International Conference on Applied Intelligence and Sustainable Computing (ICAISC);2023-06-16

2. User perception of Context-Based Micro-Training – a method for cybersecurity training;Information Security Journal: A Global Perspective;2023-06-09

3. Federated Learning-Based Cyber Threat Hunting for APT Attack Detection in SDN-Enabled Networks;2022 21st International Symposium on Communications and Information Technologies (ISCIT);2022-09-27

4. New challenges in supply chain management: cybersecurity across the supply chain;International Journal of Production Research;2021-10-12

5. Offensive Security: Towards Proactive Threat Hunting via Adversary Emulation;IEEE Access;2021