POINTER: a GDPR-compliant framework for human pentesting (for SMEs)

Jacqueline Archibald; K. Renaud

POINTER: a GDPR-compliant framework for human pentesting (for SMEs)

Jacqueline Archibald, K. Renaud

Division of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

317 Downloads (Pure)

Abstract

Penetration tests have become a valuable tool in any organisation’s arsenal, in terms of detecting vulnerabilities in their technical defences. Many organisations now also “penetration test” their employees, assessing their resilience and ability to repel human-targeted attacks. There are two problems with current frameworks: (1) few of these have been developed with SMEs in mind, and (2) many deploy spear phishing, thereby invading employee privacy, which could be illegal under the new European General Data Protection Regulation (GDPR) legislation. We therefore propose the PoinTER (Prepare TEst Remediate) Human Pentesting Framework. We subjected this framework to expert review and present it to open a discourse on the issue of formulating a GDPR- compliant Privacy-Respecting Employee Pentest for SMEs.

Original language	English
Title of host publication	Proceedings of the Twelfth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018)
Editors	Nathan Clarke, Steven Furnell
Place of Publication	Plymouth
Publisher	Univerisity of Plymouth
Pages	147-157
Number of pages	11
ISBN (Print)	9780244402549
Publication status	Published - 9 Sept 2018
Event	12th International Symposium on Human Aspects of Information Security & Assurance - Dundee Business School, Abertay University, Dundee, United Kingdom Duration: 29 Aug 2018 → 31 Aug 2018 Conference number: 12 http://www.haisa.org/?page=home

Conference

Conference	12th International Symposium on Human Aspects of Information Security & Assurance
Abbreviated title	HAISA 2018
Country/Territory	United Kingdom
City	Dundee
Period	29/08/18 → 31/08/18
Internet address	http://www.haisa.org/?page=home

Keywords

Penetration testing
Privacy preservation
SME
GDPR

Access to Document

Archibald_POINTER_Published_2018Final published version, 502 KB

https://www.cscan.org/?page=openaccess&eid=20&id=386

Jacqueline Archibald
- J510994abertay.acuk
- School of Design and Informatics - School Head of Teaching Quality and Learning Enhancement
Person: Academic

Cite this

@inproceedings{43acec74a36b497798c0844196779b95,

title = "POINTER: a GDPR-compliant framework for human pentesting (for SMEs)",

abstract = "Penetration tests have become a valuable tool in any organisation{\textquoteright}s arsenal, in terms of detecting vulnerabilities in their technical defences. Many organisations now also “penetration test” their employees, assessing their resilience and ability to repel human-targeted attacks. There are two problems with current frameworks: (1) few of these have been developed with SMEs in mind, and (2) many deploy spear phishing, thereby invading employee privacy, which could be illegal under the new European General Data Protection Regulation (GDPR) legislation. We therefore propose the PoinTER (Prepare TEst Remediate) Human Pentesting Framework. We subjected this framework to expert review and present it to open a discourse on the issue of formulating a GDPR- compliant Privacy-Respecting Employee Pentest for SMEs.",

author = "Jacqueline Archibald and K. Renaud",

year = "2018",

month = sep,

day = "9",

language = "English",

isbn = "9780244402549",

pages = "147--157",

editor = "Nathan Clarke and Steven Furnell",

booktitle = "Proceedings of the Twelfth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018)",

publisher = "Univerisity of Plymouth",

note = "12th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2018 ; Conference date: 29-08-2018 Through 31-08-2018",

url = "http://www.haisa.org/?page=home",

}

Archibald, J & Renaud, K 2018, POINTER: a GDPR-compliant framework for human pentesting (for SMEs). in N Clarke & S Furnell (eds), Proceedings of the Twelfth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018). Univerisity of Plymouth, Plymouth, pp. 147-157, 12th International Symposium on Human Aspects of Information Security & Assurance, Dundee, United Kingdom, 29/08/18. <https://www.cscan.org/?page=openaccess&eid=20&id=386>

POINTER : a GDPR-compliant framework for human pentesting (for SMEs). / Archibald, Jacqueline; Renaud, K.

Proceedings of the Twelfth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018). ed. / Nathan Clarke; Steven Furnell. Plymouth : Univerisity of Plymouth, 2018. p. 147-157.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - POINTER

T2 - 12th International Symposium on Human Aspects of Information Security & Assurance

AU - Archibald, Jacqueline

AU - Renaud, K.

N1 - Conference code: 12

PY - 2018/9/9

Y1 - 2018/9/9

N2 - Penetration tests have become a valuable tool in any organisation’s arsenal, in terms of detecting vulnerabilities in their technical defences. Many organisations now also “penetration test” their employees, assessing their resilience and ability to repel human-targeted attacks. There are two problems with current frameworks: (1) few of these have been developed with SMEs in mind, and (2) many deploy spear phishing, thereby invading employee privacy, which could be illegal under the new European General Data Protection Regulation (GDPR) legislation. We therefore propose the PoinTER (Prepare TEst Remediate) Human Pentesting Framework. We subjected this framework to expert review and present it to open a discourse on the issue of formulating a GDPR- compliant Privacy-Respecting Employee Pentest for SMEs.

AB - Penetration tests have become a valuable tool in any organisation’s arsenal, in terms of detecting vulnerabilities in their technical defences. Many organisations now also “penetration test” their employees, assessing their resilience and ability to repel human-targeted attacks. There are two problems with current frameworks: (1) few of these have been developed with SMEs in mind, and (2) many deploy spear phishing, thereby invading employee privacy, which could be illegal under the new European General Data Protection Regulation (GDPR) legislation. We therefore propose the PoinTER (Prepare TEst Remediate) Human Pentesting Framework. We subjected this framework to expert review and present it to open a discourse on the issue of formulating a GDPR- compliant Privacy-Respecting Employee Pentest for SMEs.

M3 - Conference contribution

SN - 9780244402549

SP - 147

EP - 157

BT - Proceedings of the Twelfth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018)

A2 - Clarke, Nathan

A2 - Furnell, Steven

PB - Univerisity of Plymouth

CY - Plymouth

Y2 - 29 August 2018 through 31 August 2018

ER -

POINTER: a GDPR-compliant framework for human pentesting (for SMEs)

Abstract

Conference

Keywords

Access to Document

Fingerprint

Profiles

Jacqueline Archibald

Cite this