Governance & Risk Management , Incident & Breach Response , Security Operations

Pen Testing: How Far Should You Let White Hat Hackers Go?

Attorney Kay Lam-MacLeod Discusses Defining the Goals Jeremy Kirk (jeremy_kirk) • July 31, 2017

Pen Testing: How Far Should You Let White Hat Hackers Go?

Kay Lam-MacLeod, principal, Idealaw

Penetration tests can reveal holes in an organization's security. But framing the scope of a penetration test can be challenging, and good results don't necessarily mean 100 percent security. says attorney Kay Lam-MacLeod.

See Also: Live Webinar | Cybersecurity in Healthcare Supply Chains: A CISO Perspective

In an interview at Information Security Media Group's recent Sydney Fraud and Breach Prevention Summit, Lam-MacLeod discusses:

How to define the goals of a penetration test;
What a penetration test can and can't reveal;
What you should allow white hat hackers to do.

Lam-MacLeod is principal at Idealaw, a technology-focused law firm in Brisbane, Australia. She provides virtual in-house counsel support for IT companies, drafting website documentation, contract and policies. The firm also covers the law relating to e-commerce and intellectual property.

Previous
Battling Ransomware With Crowdsourced Threat Intelligence

Next
Nuance the Latest NotPetya Victim to Report Financial Impact

About the Author

Jeremy Kirk

Jeremy Kirk

Managing Editor, Security and Technology, ISMG

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.

You might also be interested in …

Does Your Incident Response Plan Measure Up?

Does Your Incident Response Plan Measure Up?

Report: Risks and Trends of Security Fundamentals

Report: Risks and Trends of Security Fundamentals

Rapid Digitization and Risk: A Roundtable Preview

►

Rapid Digitization and Risk: A Roundtable Preview

Ransomware Recovery in the 'New Normal'

Ransomware Recovery in the 'New Normal'

5 Questions Every CIO Must Answer in the Coronavirus Age

The Four Pillars of Modern Vulnerability Management (French Language)

SIEM Solutions Buyer's Guide (French Language)

Driving Immediate Value with a Cloud SIEM

Choosing the Right Detection and Response Solution for your Business

Around the Network

Using Tech to Prevent Fraud in Government Loan Program

Using Tech to Prevent Fraud in Government Loan Program

Key Considerations for Privileged Access Management

Key Considerations for Privileged Access Management

Ransomware Gangs Find Fresh Ways to Make Victims Pay

Ransomware Gangs Find Fresh Ways to Make Victims Pay

The Risks Posed by Mobile Health Apps

The Risks Posed by Mobile Health Apps

Equifax Breach: CISO Describes Lessons Learned

Equifax Breach: CISO Describes Lessons Learned

Fed Studies Development of Digital Dollar

Fed Studies Development of Digital Dollar

How Organizations Can Leverage SASE

How Organizations Can Leverage SASE

Price Is Right: When Insiders Are Willing to Violate HIPAA

Price Is Right: When Insiders Are Willing to Violate HIPAA

Privacy Framework Proposed to Address HIPAA Gaps

Privacy Framework Proposed to Address HIPAA Gaps

Analysis: Is Chinese Database Exposure a Cause for Concern?

Analysis: Is Chinese Database Exposure a Cause for Concern?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.