Technoethical Inquiry into Ethical Hacking at a Canadian University

Abstract

Business and academic organizations are in a constant pursuit of efficient and ethical technologies and practices to safeguard their information assets from the growing threat of hackers. Ethical hacking is one important information security risk management strategy they use. Most published books on ethical hacking have focused on its technical applications in risk assessment practices. This paper addressed a scarcity within the organizational communication literature on ethical hacking. Taking a qualitative exploratory case study approach, the authors explored ethical hacking implementation within a Canadian university as the case study in focus, applying technoethical inquiry theory paired with Karl Weick's sensemaking model as a theoretical framework. In-depth interviews with key stakeholder groups and a document review were conducted. Findings pointed to the need to expand the communicative and sociocultural considerations involved in decision making about ethical hacking organizational practices, and to security awareness training to leverage sensemaking opportunities and reduce equivocality.