POINTER: A GDPR-compliant framework for human pentesting (for SMEs)

J. Archibald, K. Renaud

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution book

Abstract

Penetration tests have become a valuable tool in any organisation's arsenal for detecting vulnerabilities in its technical defences. Many organisations now also "penetration test" their employees, assessing their resilience and ability to repel human-targeted attacks. There are two problems with current frameworks: (1) few of them have been developed with SMEs in mind, and (2) many deploy spear phishing, thereby invading employee privacy, which could be illegal under the new European General Data Protection Regulation (GDPR). We therefore propose the PoinTER (Prepare, TEst, Remediate) Human Pentesting Framework. We subjected this framework to expert review and present it to open a discourse on the issue of formulating a GDPR-compliant, privacy-respecting employee pentest for SMEs.
Original language: English
Title of host publication: Proceedings of the Twelfth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018)
Editors: Nathan Furnell, Steven Clarke
Place of Publication: [S.l.]
Pages: 147-157
Number of pages: 11
Publication status: Published - 29 Aug 2018
Event: International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018) - Dundee, United Kingdom
Duration: 29 Aug 2018 - 31 Aug 2018

Conference

Conference: International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018)
Country/Territory: United Kingdom
City: Dundee
Period: 29/08/18 - 31/08/18

Keywords

  • penetration testing
  • privacy preservation
  • SME
  • GDPR
