Governance & Risk Management , Incident & Breach Response , Managed Detection & Response (MDR)

Pen Testing: How Far Should You Let White Hat Hackers Go?

Attorney Kay Lam-MacLeod Discusses Defining the Goals Jeremy Kirk (jeremy_kirk) • July 31, 2017

Pen Testing: How Far Should You Let White Hat Hackers Go?

Kay Lam-MacLeod, principal, Idealaw

Penetration tests can reveal holes in an organization's security. But framing the scope of a penetration test can be challenging, and good results don't necessarily mean 100 percent security. says attorney Kay Lam-MacLeod.

See Also: Live Webinar | Navigating the Difficulties of Patching OT

In an interview at Information Security Media Group's recent Sydney Fraud and Breach Prevention Summit, Lam-MacLeod discusses:

How to define the goals of a penetration test;
What a penetration test can and can't reveal;
What you should allow white hat hackers to do.

Lam-MacLeod is principal at Idealaw, a technology-focused law firm in Brisbane, Australia. She provides virtual in-house counsel support for IT companies, drafting website documentation, contract and policies. The firm also covers the law relating to e-commerce and intellectual property.

Previous
Battling Ransomware With Crowdsourced Threat Intelligence

Next
Nuance the Latest NotPetya Victim to Report Financial Impact

About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.

You might also be interested in …

A Guide to Passwordless Anywhere

A Guide to Passwordless Anywhere

How to Get High-Performing, Secure Networks While Staying Within Budget

How to Get High-Performing, Secure Networks While Staying Within Budget

Rapid Digitization and Risk: A Roundtable Preview

►

Rapid Digitization and Risk: A Roundtable Preview

Evaluating and Reducing Supply Chain Risk

►

Evaluating and Reducing Supply Chain Risk

Webinar | State of Remote Access Security: The Rise of Zero Trust Network Access

Webinar | State of Remote Access Security: The Rise of Zero Trust Network Access

PSA Buyer’s Guide Checklist: What Every Service Provider Needs to Know Before Buying a Business Management Platform

PSA Buyer’s Guide Checklist: What Every Service Provider Needs to Know Before Buying a Business Management Platform

How Security Teams Can Overcome Restricted Budgets

How Security Teams Can Overcome Restricted Budgets

Security megatrends and their impact on Endpoint Security

Security megatrends and their impact on Endpoint Security

Risk-Based Security: What to Look for in an MDR Provider

►

Risk-Based Security: What to Look for in an MDR Provider

Around the Network

How Cyberattacks Affect CISOs

How Cyberattacks Affect CISOs

Healthcare CISO Group Focuses on Third-Party Risk Challenges

Healthcare CISO Group Focuses on Third-Party Risk Challenges

Protecting the Hidden Layer in Neural Networks

Protecting the Hidden Layer in Neural Networks

The Persisting Risks Posed by Legacy Medical Devices

The Persisting Risks Posed by Legacy Medical Devices

David Derigiotis on the Complex World of Cyber Insurance

David Derigiotis on the Complex World of Cyber Insurance

Exclusive: FDA Leader on Impact of New Medical Device Law

Exclusive: FDA Leader on Impact of New Medical Device Law

Why Banks Find It Hard to Tackle Authorized Fraud

Why Banks Find It Hard to Tackle Authorized Fraud

Organizationwide Passwordless Orchestration

Organizationwide Passwordless Orchestration

Securing the SaaS Layer

Securing the SaaS Layer

Why Is Meta Choosing to Settle Over Cambridge Analytica?

Why Is Meta Choosing to Settle Over Cambridge Analytica?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.