Governance , Incident & Breach Response , Security Operations

Pen Testing: How Far Should You Let White Hat Hackers Go?

Attorney Kay Lam-MacLeod Discusses Defining the Goals Jeremy Kirk (jeremy_kirk) • July 31, 2017

Pen Testing: How Far Should You Let White Hat Hackers Go?

Kay Lam-MacLeod, principal, Idealaw

Penetration tests can reveal holes in an organization's security. But framing the scope of a penetration test can be challenging, and good results don't necessarily mean 100 percent security. says attorney Kay Lam-MacLeod.

See Also: The Application Security Team's Framework For Upgrading Legacy Applications

In an interview at Information Security Media Group's recent Sydney Fraud and Breach Prevention Summit, Lam-MacLeod discusses:

How to define the goals of a penetration test;
What a penetration test can and can't reveal;
What you should allow white hat hackers to do.

Lam-MacLeod is principal at Idealaw, a technology-focused law firm in Brisbane, Australia. She provides virtual in-house counsel support for IT companies, drafting website documentation, contract and policies. The firm also covers the law relating to e-commerce and intellectual property.

Previous
Battling Ransomware With Crowdsourced Threat Intelligence

Next
Nuance the Latest NotPetya Victim to Report Financial Impact

About the Author

Jeremy Kirk

Jeremy Kirk

Managing Editor, Security and Technology, ISMG

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.

You might also be interested in …

This Time, Election Protection Bill Gets Bipartisan Support

This Time, Election Protection Bill Gets Bipartisan Support

Watchdog Agencies Report on VA Privacy, Security Woes

Watchdog Agencies Report on VA Privacy, Security Woes

Compromised Website Led to Australia Parliament Hack

Compromised Website Led to Australia Parliament Hack

7 Takeaways: Insider Breach at Twitter

7 Takeaways: Insider Breach at Twitter

Update: More Alerts About Medical Device Security Flaws

Update: More Alerts About Medical Device Security Flaws

Risky Dialing: Trump Call Raises Security Worries

Risky Dialing: Trump Call Raises Security Worries

OnDemand Webinar | 6 Steps to Securing Unstructured Data

OnDemand Webinar | 6 Steps to Securing Unstructured Data

Ransomware: Mexican Oil Firm Reportedly Refuses to Pay Up

Ransomware: Mexican Oil Firm Reportedly Refuses to Pay Up

Report Calls for Enforcing Voting Machine Standards

Report Calls for Enforcing Voting Machine Standards

Around the Network

Verizon: Companies Failing to Maintain PCI DSS Compliance

Verizon: Companies Failing to Maintain PCI DSS Compliance

Protecting Data in Sprawling Computing Environments

Protecting Data in Sprawling Computing Environments

The Dark Web's Automobile Hacking Forums

The Dark Web's Automobile Hacking Forums

Update: PCI SSC's Enhanced Contactless Payment Standard

Update: PCI SSC's Enhanced Contactless Payment Standard

Identity Fraud: Account Origination

Identity Fraud: Account Origination

Google's Push Into Health Sector: Emerging Privacy Issues

Google's Push Into Health Sector: Emerging Privacy Issues

Why Medical Device Security Is So Challenging

Why Medical Device Security Is So Challenging

CCPA Compliance: Identity Verification Challenges

CCPA Compliance: Identity Verification Challenges

'Zero Trust': Can It Be Defined?

'Zero Trust': Can It Be Defined?

Analysis: Instagram's Major Problem With Minors' Data

Analysis: Instagram's Major Problem With Minors' Data

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.