Governance & Risk Management , Incident & Breach Response , Security Operations

Pen Testing: How Far Should You Let White Hat Hackers Go?

Attorney Kay Lam-MacLeod Discusses Defining the Goals Jeremy Kirk (jeremy_kirk) • July 31, 2017

Pen Testing: How Far Should You Let White Hat Hackers Go?

Kay Lam-MacLeod, principal, Idealaw

Penetration tests can reveal holes in an organization's security. But framing the scope of a penetration test can be challenging, and good results don't necessarily mean 100 percent security. says attorney Kay Lam-MacLeod.

See Also: 451 Research Report: Tackling the Visibility Gap in Information Security

In an interview at Information Security Media Group's recent Sydney Fraud and Breach Prevention Summit, Lam-MacLeod discusses:

How to define the goals of a penetration test;
What a penetration test can and can't reveal;
What you should allow white hat hackers to do.

Lam-MacLeod is principal at Idealaw, a technology-focused law firm in Brisbane, Australia. She provides virtual in-house counsel support for IT companies, drafting website documentation, contract and policies. The firm also covers the law relating to e-commerce and intellectual property.

Previous
Battling Ransomware With Crowdsourced Threat Intelligence

Next
Nuance the Latest NotPetya Victim to Report Financial Impact

About the Author

Jeremy Kirk

Jeremy Kirk

Managing Editor, Security and Technology, ISMG

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.

You might also be interested in …

5 Questions Every CIO Must Answer in the Coronavirus Age

A Roadmap to SASE

A Roadmap to SASE

Top E-Signature Use Cases In Banking

Top E-Signature Use Cases In Banking

Building a Collective Defense

Building a Collective Defense

SD-WAN Evolution and Adoption

SD-WAN Evolution and Adoption

2020 Data Protection Trends for Financial Services

CISO Perspectives on Distributed Workforce and Post-pandemic Enterprise

CISO Perspectives on Distributed Workforce and Post-pandemic Enterprise

Secure the Workforce: The Next Phase

Secure the Workforce: The Next Phase

The Sunday Times - Cyber Security Report 2020

Around the Network

Analysis: Are Marriott and BA's GDPR Fines Big Enough?

Analysis: Are Marriott and BA's GDPR Fines Big Enough?

Avoiding Medical Device Security Mistakes

Avoiding Medical Device Security Mistakes

Healthcare Supply Chain Security: Updated Guidance

Healthcare Supply Chain Security: Updated Guidance

Christopher Krebs Describes Accomplishments

Christopher Krebs Describes Accomplishments

Analysis: Threat Landscape Report

Analysis: Threat Landscape Report

Banking on Cloud Security

Banking on Cloud Security

Using Advanced Tools to Tackle Hidden Fraud

Using Advanced Tools to Tackle Hidden Fraud

Analysis: Cybersecurity Challenges Facing New President

Analysis: Cybersecurity Challenges Facing New President

Using an 'Intrinsic Security' Approach

Using an 'Intrinsic Security' Approach

Why Banks Need to Invest in Monitoring

Why Banks Need to Invest in Monitoring

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.